
Cookie secure flag using javascript


I want information about how to set the cookie secure flag and http flag using JavaScript. When I open Chrome developer tools with F12 and click "Application -> Cookies", I see no flag there (in the secure and http columns). This is my code to set the cookie:

document.cookie = name+'='+value+'; expires='+expires+'; path=/;';

I also found this topic, but it did not help me: How to set cookie secure flag using javascript


Solution

  • It is impossible to create an HttpOnly cookie with JavaScript. An **HttpOnly** cookie is one that is not accessible by scripting languages, and therefore it cannot be created by JavaScript.

    To prevent cross-site scripting (XSS) attacks, HttpOnly cookies are inaccessible to JavaScript's Document.cookie API; they are only sent to the server. For example, cookies that persist server-side sessions don't need to be available to JavaScript, and the HttpOnly flag should be set.

    Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
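
An added example, not part of the original question or answer: the `Secure` attribute can be appended to the string assigned to `document.cookie`, while `HttpOnly` only takes effect in a server's `Set-Cookie` response header. The function names `checkToken`, `buildClientCookie` and `buildSetCookieHeader` and the sample cookie are hypothetical.

```javascript
// Added example; all function names and the sample cookie are hypothetical.

// Refuse characters that would let a caller-supplied string smuggle in
// extra attributes (";") or extra header lines (CR/LF).
function checkToken(label, s) {
  const str = String(s);
  if (/[;\r\n]/.test(str)) {
    throw new Error(label + ' contains a forbidden character');
  }
  return str;
}

// Builds a string for `document.cookie = ...`.
// Secure is on by default; browsers only accept it from an HTTPS page.
// HttpOnly is never emitted here because script cannot set it.
function buildClientCookie(name, value, opts = {}) {
  const parts = [checkToken('name', name) + '=' + encodeURIComponent(value)];
  if (opts.expires) parts.push('expires=' + opts.expires.toUTCString());
  parts.push('path=' + checkToken('path', opts.path || '/'));
  if (opts.sameSite) parts.push('SameSite=' + checkToken('sameSite', opts.sameSite));
  if (opts.secure !== false) parts.push('Secure');
  return parts.join('; ');
}

// Builds the value of a server-side Set-Cookie response header,
// which is where HttpOnly has to be set.
function buildSetCookieHeader(name, value, opts = {}) {
  return buildClientCookie(name, value, opts) + '; HttpOnly';
}

// Browser usage (skipped when run outside a browser):
if (typeof document !== 'undefined') {
  const oneDay = new Date(Date.now() + 24 * 60 * 60 * 1000);
  document.cookie = buildClientCookie('theme', 'dark', { expires: oneDay });
}
```

After setting the cookie this way on an HTTPS page, the Secure column in the developer tools cookie view should be ticked; the HttpOnly column is ticked only for cookies that arrived through a response header.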