WBSP-AS-000190 - The WebSphere Application Server security cookies must be set to HTTPOnly.
From the administrative console, navigate to Security >> Global Security. Expand 'Web and SIP security'. Select 'Set security cookies to HTTPOnly'. Click 'OK'. Click 'Save'. Restart the DMGR and all the JVMs.