Secure cookie with HttpOnly and Secure flag in Apache
reference:
http://geekflare.com/httponly-secure-cookie-apache/
1.Ensure you have mod_headers.so enabled in Apache instance
2.Add following entry in httpd.conf :
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
3. Restart Apache Web Server
Open your website with HTTP Watch, Live HTTP Header or HTTP Header Online tool :
http://tools.geekflare.com/seo/tool.php?id=check-headers