It means that you have set secureCookies to true in kibana.yml and you haven't enabled TLS for http in Kibana.
Setting secureCookies means that the session cookie gets the secure flag set which means that your browser will only send it over https connections. But the fact that TLS for http is not enabled in Kibana, it means that your browser is not communicating over https with Kibana and as such cannot send the session cookie, leaving Kibana unable to keep you logged in. This is why you get this error up front, so that you can correct your configuration.