getkirby-v2/toolkit

security headers for cookies. secure and httponly?

bnomei opened this issue · 2 comments

I am using Kirby for an SSL-enabled (Let's Encrypt, c::set('ssl', true)) website,
but I get warnings for cookie HTTP headers. What's wrong?

Maybe the case of httpOnly must match, or a semicolon is missing?

Set-Cookie

kirby_session=6u6hb25027kqkud167gkt3ol85; path=/
kirby_session=6u6hb25027kqkud167gkt3ol85; path=/; secure; httponly

Well, that's strange. Kirby should not set two cookies, only one. I will investigate.

However, we had issues with two cookies in the past: https://forum.getkirby.com/t/set-cookie-twice/5444?
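Added example, not code from the issue or from the Kirby project: a small Python checker that parses Set-Cookie headers like the two quoted above and reports cookies missing the Secure or HttpOnly attribute, as well as any cookie name set more than once in a single response. It also flags a missing SameSite attribute, which the issue does not discuss; the session id is replaced by a placeholder.

```python
# Audit Set-Cookie headers for missing security attributes and duplicates.
from collections import Counter

# Constructed sample: the two headers quoted in the issue, with the session
# id replaced by a placeholder (its value does not matter for the check).
SAMPLE_HEADERS = [
    "kirby_session=SESSIONID; path=/",
    "kirby_session=SESSIONID; path=/; secure; httponly",
]


def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, {attr: value_or_True}).

    Attribute names are case-insensitive per RFC 6265, so 'HttpOnly' and
    'httponly' are treated the same; flag attributes map to True.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), value, attrs


def audit_set_cookie(headers, https=True):
    """Return a list of (cookie_name, finding) pairs for the given headers."""
    findings = []
    for header in headers:
        name, _, attrs = parse_set_cookie(header)
        if https and "secure" not in attrs:
            findings.append((name, "missing Secure: may be sent over plain HTTP"))
        if "httponly" not in attrs:
            findings.append((name, "missing HttpOnly: readable by page scripts"))
        if "samesite" not in attrs:
            findings.append((name, "missing SameSite: consider Lax or Strict"))
    # The same name set twice is the bug reported above: the later header
    # overwrites the earlier one in the browser's cookie jar, but the weaker
    # header is still emitted in the response and trips header scanners.
    for name, count in Counter(parse_set_cookie(h)[0] for h in headers).items():
        if count > 1:
            findings.append((name, f"set {count} times in one response"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_set_cookie(SAMPLE_HEADERS):
        print(f"{name}: {finding}")
```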