What does this PR do?
This PR addresses a security vulnerability in the slot booking API by implementing proper cookie security measures. The fix enhances the security of user session management by properly configuring cookie attributes in the slot reservation endpoint.
What I updated?
Added essential security flags to the cookie configuration:
- `httpOnly: true` -> Prevents client-side JavaScript from accessing the cookie
- `secure: isProduction` -> Ensures the cookie is only transmitted over HTTPS in production
- Fixes #21636
- Fixes CAL-5880
- /claim #21636
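To make the two flags concrete, here is an added example (not cal.com's code and not taken from this PR) that serialises a session cookie with `HttpOnly` always set and `Secure` set only in production, alongside a small audit helper that parses a `Set-Cookie` header and reports which protections are missing. The cookie name `session`, the one-hour `Max-Age`, `SameSite=Lax`, and detecting production from `NODE_ENV` are assumptions for the example, not details from the PR.

```typescript
// Added example, not cal.com's code: building and auditing a session cookie
// with the HttpOnly and Secure attributes described in the PR.

interface CookieOptions {
  httpOnly: boolean;
  secure: boolean;
  sameSite?: "Strict" | "Lax" | "None";
  path?: string;
  maxAgeSeconds?: number;
}

// Assumption: production is detected from NODE_ENV, as many Node apps do.
const isProduction: boolean =
  (globalThis as any).process?.env?.NODE_ENV === "production";

// Serialise a Set-Cookie header value. Attribute names are case-insensitive
// (RFC 6265); the canonical spellings are emitted here.
function serializeCookie(name: string, value: string, opts: CookieOptions): string {
  const parts = [`${name}=${encodeURIComponent(value)}`];
  parts.push(`Path=${opts.path ?? "/"}`);
  if (opts.maxAgeSeconds !== undefined) parts.push(`Max-Age=${opts.maxAgeSeconds}`);
  parts.push(`SameSite=${opts.sameSite ?? "Lax"}`);
  if (opts.httpOnly) parts.push("HttpOnly");
  if (opts.secure) parts.push("Secure");
  return parts.join("; ");
}

// The hardened configuration from the PR: always HttpOnly, Secure in production.
// Leaving Secure off outside production keeps local http://localhost development working.
function buildSessionCookie(sessionId: string, production: boolean = isProduction): string {
  return serializeCookie("session", sessionId, {
    httpOnly: true,
    secure: production,
    sameSite: "Lax",
    path: "/",
    maxAgeSeconds: 60 * 60, // assumed one-hour lifetime
  });
}

// Defender-side audit: parse a Set-Cookie header and list missing protections.
// Useful in an integration test that inspects the real response headers.
function auditSetCookie(header: string, production: boolean): string[] {
  const attrs = new Set(
    header
      .split(";")
      .slice(1) // drop the name=value pair, keep attributes
      .map((a) => a.trim().split("=")[0].toLowerCase())
  );
  const findings: string[] = [];
  if (!attrs.has("httponly")) findings.push("missing HttpOnly: readable via document.cookie");
  if (production && !attrs.has("secure")) findings.push("missing Secure: may be sent over plain HTTP");
  if (!attrs.has("samesite")) findings.push("missing SameSite: browser default applies");
  return findings;
}

// Stand-alone run: constructed sample values, not real session identifiers.
const hardened = buildSessionCookie("sample-session-id", true);
console.log(hardened);
console.log("findings (hardened, prod):", auditSetCookie(hardened, true));
console.log("findings (weak, prod):", auditSetCookie("session=sample-session-id; Path=/", true));
```

The audit helper is the check a reviewer can add to the PR's tests: call the reservation endpoint, read the `Set-Cookie` header, and assert the findings list is empty when `NODE_ENV` is `production`.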
Visual Demo (For contributors especially)
https://github.com/user-attachments/assets/9a94d6f1-64a1-4224-adcf-f16bd333db19
Mandatory Tasks (DO NOT REMOVE)
- ✓ I have self-reviewed the code (A decent size PR without self-review might be rejected).
- I have updated the developer docs in /docs if this PR makes changes that would require a documentation change. If N/A, write N/A here and check the checkbox.
- ✓ I confirm automated tests are in place that prove my fix is effective or that my feature works.
How should this be tested?
- Are there environment variables that should be set?
- What are the minimal test data to have?
- What is expected (happy path) to have (input and output)?
- Any other important info that could help to test that PR
Checklist
- I haven’t read the contributing guide
- My code doesn’t follow the style guidelines of this project
- I haven’t commented my code, particularly in hard-to-understand areas
- I haven’t checked if my changes generate no new warnings
Summary by cubic
Secured the slot booking API by setting the session cookie with httpOnly and secure flags to protect user sessions.
- Bug Fixes
- Cookies are now httpOnly to block client-side access.
- Cookies use the secure flag in production to allow transmission only over HTTPS.