system/config/cookie.php
domain
Domain, to restrict the cookie to a specific website domain. For security, you are encouraged to set this option. An empty setting allows the cookie to be read by any website domain.
Default value: '';
path
Restrict cookies to a specific path, typically the installation directory.
Default value: '/';
expire
Lifetime of the cookie. A setting of 0 makes the cookie active until the users browser is closed or the cookie is deleted.
Default value: 0;
secure
Enable this option to only allow the cookie to be read when using the a secure protocol.
Default value: FALSE;
httponly
Enable this option to disable the cookie from being accessed when using a secure protocol. This option is only available in PHP 5.2 and above.
Default value: FALSE;