https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie

Note: Insecure sites (http:) can't set cookies with the "secure" directive anymore (new in Chrome 52+ and Firefox 52+).

take ,-secure=1 off, see if it works. if it starts working then "things" are not as you think they are. It could be a "non-secure" certificate or some part is running in http rather than https.