feat: improve session security with HttpOnly and MaxAge options

feat: improve session security with HttpOnly and MaxAge options #15