Cookies - PHP vs Javascript

Question

With regards to security and convenience which cookies are better the PHP ones or the Javascript ones?

Answer 1

I'm not sure if at the time you asked the question you were aware of the fact that some browsers support an additional HTTPOnly flag for cookies. In that regard, cookies sent with PHP, that contain the HTTPOnly flag cannot be modified by client-side JavaScript code in browsers that support the feature, which strengthens the security somehow.

So, users that have a browser supporting HTTPOnly cookies, will be better protected against XSS attacks.