Session Cookie without HttpOnly flag set-Collection of common programming errors

I have joust built a website with a login system. After I’ve just got ready I have scanned it with Acunetix, but I got the following message:

Session Cookie without HttpOnly flag set Session Cookie without Secure flag set (i guess this is only if I have SSL connection)

So my question would be, that how can I set HttpOnly flag for all my Session data? I’m just using sessions when I log in the users. I’m giving them a session with their userID number and than I’m getting data using that userID.

Is there any simple way that I can set ALL of the session HTTPOnly and secure them, so noone can touch them?