secure and HttpOnly are flags, there is no "=" afterwards, so the string length should be correct. One thing which is not completely correct though is that "secureXYZ" would be interpreted as "secure". If you want to fix that too, it should probably go into a separate patch.
Ah, right. I'll just fix the version one for now.
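
The "secureXYZ" remark above, as an added example that is not part of the original thread or the patched code: a length-limited comparison next to a whole-token comparison. The function names and the rule that a flag ends at optional whitespace followed by ";" or end of string are assumptions made for this illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive comparison of the first n bytes of a against b.
 * b is the flag name and is exactly n bytes long, so a mismatch on a's
 * terminating NUL stops the loop before a is read past its end. */
static int ci_equal_n(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    }
    return 1;
}

/* Prefix-only check (hypothetical name): the behaviour described in the
 * thread, where "secureXYZ" is accepted as "secure". */
int flag_match_prefix(const char *attr, const char *flag)
{
    return ci_equal_n(attr, flag, strlen(flag));
}

/* Whole-token check (hypothetical name): the name must be followed only by
 * optional whitespace and then ';' or end of string (assumed delimiter rule). */
int flag_match_token(const char *attr, const char *flag)
{
    size_t n = strlen(flag);
    if (!ci_equal_n(attr, flag, n))
        return 0;
    const char *p = attr + n;
    while (*p == ' ' || *p == '\t')
        p++;
    return *p == '\0' || *p == ';';
}

int main(void)
{
    /* Constructed attribute strings, not taken from real traffic. */
    const char *samples[] = { "secure", "Secure; HttpOnly", "secureXYZ", "sec" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-18s prefix=%d token=%d\n", samples[i],
               flag_match_prefix(samples[i], "secure"),
               flag_match_token(samples[i], "secure"));
    return 0;
}
```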