I would consider a browser that allows a cookie with a secure flag to be overwritten from a http page buggy, and thus the solution would be simply enforcing the secure flag in a same way.
What legitimate use is there for overwriting a secure cookie with a non secure one?
What legitimate use is there for overwriting a secure cookie with a non secure one?