With .htaccess, you just need to add these flags:

```
php_value session.cookie_httponly 1
php_value session.cookie_secure 1
```
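
php_value lines in .htaccess only apply when PHP runs as an Apache module and overrides are allowed, so it is worth confirming the flags on the Set-Cookie header the server actually returns. The following check is an added example, not part of the original post; it assumes PHP's default session cookie name PHPSESSID, and the sample headers are constructed.

```python
SESSION_COOKIE = "PHPSESSID"  # assumption: PHP's default session.name

def session_cookie_attrs(raw_headers, cookie_name=SESSION_COOKIE):
    """Return one set of lower-cased attribute names per Set-Cookie line
    that sets cookie_name."""
    found = []
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        # parts[0] is "name=value"; everything after it is an attribute.
        if parts[0].partition("=")[0].strip() != cookie_name:
            continue
        # Attribute names are case-insensitive; Secure/HttpOnly carry no value.
        found.append({p.partition("=")[0].strip().lower() for p in parts[1:] if p})
    return found

def missing_flags(raw_headers, cookie_name=SESSION_COOKIE):
    """None if the cookie is never set, else the flags absent from at least
    one Set-Cookie line for it (empty list means both are always present)."""
    cookies = session_cookie_attrs(raw_headers, cookie_name)
    if not cookies:
        return None
    return [f for f in ("httponly", "secure") if not all(f in c for c in cookies)]

# Constructed sample responses: without and with the two directives applied.
BEFORE = ("HTTP/1.1 200 OK\r\n"
          "Set-Cookie: PHPSESSID=0123456789abcdef; path=/\r\n"
          "Content-Type: text/html\r\n")
AFTER = ("HTTP/1.1 200 OK\r\n"
         "Set-Cookie: PHPSESSID=0123456789abcdef; path=/; secure; HttpOnly\r\n"
         "Content-Type: text/html\r\n")

if __name__ == "__main__":
    for label, headers in (("before", BEFORE), ("after", AFTER)):
        print(label, "missing:", missing_flags(headers))
```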