The settings are described as:

If <true> cookie will only be sent over secure connections.

• PHP setting: session.cookie_secure
  #CookieSecure=false|true
  Tells browser to not allow scripts to access cookie, only supported on php 5.2+
• PHP setting: session.cookie_httponly
  #CookieHttponly=false|true

but they do not work. if the settings have a value other than 0 or empty, they are always treated as true. even using the description and defining Setting=false, will give a behavior of true.
Steps to reproduce

set any of those settings to any string you like. they will all be treated as true.

put the setting to false, it will not work.

steps to reproduce

change the settings, clear the cache, and verify that no changes are performed on session parameters through a eZDebug::writeError(session_get_cookie_params()); added to index.php (for instance)