Can cookies set using HTTP be read using HTTPS?
Cookies set with the "Secure" keyword will only be sent by the browser when connecting by a secure means (HTTPS). Apart from that there is no distinction - if "secure" is absent, the cookie may be sent over an insecure connection.
In other words, cookies that you want to protect the contents of should use the secure keyword and you should only send them from the server to the browser when the user connects via HTTPS.
Reference: RFC 2109 See 4.2.2 (page 4), 4.3.1