How to set HTTPOnly in cookie when HTTP::response & make the session persist on that cookie

There are some good threads on here about this topic. Here's one that should help you:

https://devcentral.f5.com/questions/cookie-persistence-sendfor-http-only

And to set the secure attribute:

http://support.f5.com/kb/en-us/solutions/public/11000/300/sol11324