document.cookie.HttpOnly = true; document.cookie.Secure = true;