添加cookie的HttpOnly和Secure属性

直接在.htaccess添加

Header set Set-Cookie HttpOnly;Secure
Header always append X-Frame-Options SAMEORIGIN