PHP supports setting the HttpOnly flag since version 5.2.0 (November 2006).
For session cookies managed by PHP, the flag is set either permanently in php.ini through the parameter:
session.cookie_httponly = True
Method#1 By using ini_set function before using setcookie function.
Add the following code on the page:
ini_set("session.cookie_httponly", 1);
setcookie("name", "value", NULL, NULL, NULL, NULL, TRUE);
Method#2 By using session_set_cookie_params function before using setcookie function
Add the following code on the page:
session_set_cookie_params(0, NULL, NULL, NULL, TRUE);
setcookie("name", "value", NULL, NULL, NULL, NULL, TRUE);
Method#3 By using setcookie function
Add the following code while creating cookie (not necessarily a session cookie):
setcookie("name", "value", NULL, NULL, NULL, NULL, TRUE);
References
http://php.net/manual/en/function.setcookie.php
http://php.net/manual/en/function.session-set-cookie-params.php
http://php.net/manual/en/session.configuration.php#ini.session.cookie-ht…