add a secure cookie for clients to verify authenticity.
as recommended by IncludeSec company.