CookieMonster

If cookie is used for session management, use secure cookie to avoid inadvertent transmission in HTTP.

Below is the link how to steal cookie with SSL

http://www.gss.co.uk/news/article/5412/CookieMonster_nabs_user_creds_from_secure_sites/?