My question is If I am hosting my website in HTTPS connection then could the cookie still be potentially stolen by an attacker to perform man in the middle attack?
In an HTTP connection, the attacker might intercept the cookie and can hijack a victim's session. So if the attacker can carry out a man in the middle attack, he can force the victim to make an http request and steal the cookie.
So does this risk is still there in the HTTPS connection? Or how can I make it more secure so that the attacker cannot steal the cookie?
The answer is YES.
Not sure if I am explaining this well enough.
But take a look at : https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning
On an extra note:- The cookie will reside on the user end and HTTPS just specifies that the connection that will be used between the two ends will be encrypted and an SSL certificate is used. SSL certificates are what enable websites to move from HTTP to HTTPS, which is more secure. An SSL certificate is a data file hosted in a website's origin server. SSL certificates make SSL/TLS encryption possible, and they contain the website's public key and the website's identity, along with related information.