Set-Cookie: <name>=<value>[; <Max-Age>=<age>] [; expires=<date>][; domain=<domain_name>] [; path=<some_path>][; secure][; HttpOnly]
When developing our server side in PHP we can easily create an HttpOnly cookie. We just need to pass over the value true to the httponly parameter of the setcookie method.
bool setcookie (string $name [, string $value [, int $expire = 0 [, string $path [, string $domain [, bool $secure = false [, bool $httponly = false ]]]]]] )
The session cookie can be configured to be httponly through the php.ini file by referring the cookie_httponly property of the session and assigning it with true.
session.cookie_httponly = true;
We can alternatively call the session_set_cookie_params function and pass over true to the httponly parameter.
void session_set_cookie_params (int $lifetime [, string $path [, string $domain [, bool $secure = false [, bool $httponly = false ]]]] )