To set the secure flag on all cookies using .htaccess, you can add the following code to your .htaccess file:
<IfModule mod_headers.c>
Header set Set-Cookie HttpOnly;Secure
</IfModule>
This will ensure that all cookies set by your website have the secure flag set, which means that they will only be sent over HTTPS connections. This helps to protect the cookies from being intercepted by third parties and improves the overall security of your website.
Note: This solution assumes that your website is already running over HTTPS. If your website is not using HTTPS, you will need to configure it to do so before implementing this solution.