How to activate secure cookies in Wildfly?

Try following command via jboss-cli:

/subsystem=undertow/servlet-container=default/setting=session-cookie:add(http-only=true,secure=true)

or in your standalone.xml:

<servlet-container name="default">
    <session-cookie http-only="true" secure="true"/>
    <jsp-config/>
</servlet-container>

ref: http://wildscribe.github.io/Wildfly/8.2.0.Final/subsystem/undertow/servlet-container/setting/session-cookie/index.html

One can easily configure the secure flag and it's security cousin http-only flag by adding the following to your web.xml.

    <session-config>
      <cookie-config>
        <http-only>true</http-only>
        <secure>true</secure>
      </cookie-config>
    </session-config>