I think we can remove the HttpOnly from this patch and keep the rest.
Do let ...