Setting httpOnly to false creates a vulnerability to XSS attacks; therefore, I do not recommend this solution.