Secure – Saves you from Eavesdropping access on sites that run Both on HTTPS and HTTP.
HTTPOnly – Javascript cannot read this cookie and thus prevents XSS attacks.
Secure and HttpOnly Cookie
HTTPOnly – Javascript cannot read this cookie and thus prevents XSS attacks.