Don't recommend setting SESSION_COOKIE_HTTPONLY

This setting is already defaults to true, so there is no need to
recommend that people set this option to prevent cross site scripting.

Closes-Bug: 1333407
Change-Id: If5c8f3cba31f6e613ec17af81cff8d15cd2f8f19

doc/source/topics/deployment.rst

@@ -210,7 +210,6 @@ following to ``local_settings.py``::
 
     CSRF_COOKIE_SECURE = True
     SESSION_COOKIE_SECURE = True
-    SESSION_COOKIE_HTTPONLY = True
 
 Note that the CSRF_COOKIE_SECURE option is only available from Django 1.4. It
 does no harm to have the setting in earlier versions, but it does not take effect.