
changed the default httpOnly value for cookie for better security out of the box

Fabien Potencier пре 14 година
родитељ
комит
17aa0ed0ed

+ 1 - 1
src/Symfony/Component/BrowserKit/Cookie.php

@@ -43,7 +43,7 @@ class Cookie
      *
      * @api
      */
-    public function __construct($name, $value, $expires = null, $path = '/', $domain = '', $secure = false, $httponly = false)
+    public function __construct($name, $value, $expires = null, $path = '/', $domain = '', $secure = false, $httponly = true)
     {
         $this->name     = $name;
         $this->value    = $value;
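Review bot: The constructor is tagged `@api`, and flipping the `$httponly` default changes what every caller passing six or fewer arguments gets, so the docblock above it should state the new default. That docblock starts outside the hunk, so I cannot tell whether its `@param` line for `$httponly` already mentions one; something like `@param Boolean $httponly The cookie httponly flag (true by default; pass false for cookies that scripts must read)` would cover it. Because this class models the client side, it is also worth checking that any code building a Cookie from a received Set-Cookie header passes the flag explicitly. If such code relies on the default, cookies the server did not mark HttpOnly would be reported as HttpOnly in functional tests. The constructor body continues past the hunk.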

+ 1 - 1
src/Symfony/Component/HttpFoundation/Cookie.php

@@ -26,7 +26,7 @@ class Cookie
     protected $secure;
     protected $httpOnly;
 
-    public function __construct($name, $value = null, $expire = 0, $path = '/', $domain = null, $secure = false, $httpOnly = false)
+    public function __construct($name, $value = null, $expire = 0, $path = '/', $domain = null, $secure = false, $httpOnly = true)
     {
         // from PHP source code
         if (preg_match("/[=,; \t\r\n\013\014]/", $name)) {
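Review bot: This constructor has no docblock in the visible lines, so nothing tells a caller that `$httpOnly` now defaults to true while `$secure` on the same signature still defaults to false. I would add a docblock above `__construct` with one `@param` line per argument. For `$httpOnly` it should say that the default hides the cookie from client-side script and that `false` must be passed explicitly for cookies JavaScript has to read; for `$secure` it should say that the cookie is still sent over plain HTTP unless the caller sets it. HttpOnly limits cookie theft through script injection but does nothing for a cookie crossing an unencrypted connection, so the two defaults are worth documenting side by side. The constructor body continues past the hunk.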