An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.