Use HttpOnly AND Secure flag for cookies with onsuccess