Flask-Lastuser needs to honour the secure flag in `SESSION_COOKIE_SECURE` and use it for the Lastuser cookie.
