您需要使用session_set_cookie_params覆盖默认设置，将$secure标志设置为true，

void session_set_cookie_params ( int $lifetime [, string $path [, string $domain [, bool $secure = false [, bool $httponly = false ]]]] )

更多信息php.net
在laravel中，你需要修改配置文件session/session.php，将secure标志设置为true

/*
|--------------------------------------------------------------------------
| HTTPS Only Cookies
|--------------------------------------------------------------------------
|
| By setting this option to true, session cookies will only be sent back
| to the server if the browser has a HTTPS connection. This will keep
| the cookie from being sent to you if it can not be done securely.
|
*/

'secure' => true,

在laravel的新版本中，你可以简单地在.env文件中设置SESSION_SECURE_COOKIE=true

您可以在config/session.php文件中设置securetrue 的值，如下所示;

'secure' => env( 'SESSION_SECURE_COOKIE', true ),