diff --git a/net/ghttp/ghttp_server_cookie.go b/net/ghttp/ghttp_server_cookie.go
index b37492a4c..1e519d957 100644
--- a/net/ghttp/ghttp_server_cookie.go
+++ b/net/ghttp/ghttp_server_cookie.go
@@ -23,9 +23,9 @@ type Cookie struct {
 
 // CookieOptions provides security config for cookies
 type CookieOptions struct {
-	sameSite http.SameSite // cookie SameSite property
-	secure   bool          // cookie Secure property
-	httpOnly bool          // cookie HttpOnly property
+	SameSite http.SameSite // cookie SameSite property
+	Secure   bool          // cookie Secure property
+	HttpOnly bool          // cookie HttpOnly property
 }
 
 // cookieItem is the item stored in Cookie.
@@ -96,15 +96,15 @@ func (c *Cookie) Set(key, value string) {
 		c.request.Server.GetCookiePath(),
 		c.request.Server.GetCookieMaxAge(),
 		CookieOptions{
-			sameSite: c.request.Server.GetCookieSameSite(),
-			secure:   c.request.Server.GetCookieSecure(),
-			httpOnly: c.request.Server.GetCookieHttpOnly(),
+			SameSite: c.request.Server.GetCookieSameSite(),
+			Secure:   c.request.Server.GetCookieSecure(),
+			HttpOnly: c.request.Server.GetCookieHttpOnly(),
 		},
 	)
 }
 
 // SetCookie sets cookie item with given domain, path and expiration age.
-// The optional parameter `httpOnly` specifies if the cookie item is only available in HTTP,
+// The optional parameter `options` specifies extra security configurations,
 // which is usually empty.
 func (c *Cookie) SetCookie(key, value, domain, path string, maxAge time.Duration, options ...CookieOptions) {
 	c.init()
@@ -117,9 +117,9 @@ func (c *Cookie) SetCookie(key, value, domain, path string, maxAge time.Duration
 		Value:    value,
 		Path:     path,
 		Domain:   domain,
-		HttpOnly: config.httpOnly,
-		SameSite: config.sameSite,
-		Secure:   config.secure,
+		HttpOnly: config.HttpOnly,
+		SameSite: config.SameSite,
+		Secure:   config.Secure,
 	}
 	if maxAge != 0 {
 		httpCookie.Expires = time.Now().Add(maxAge)
@@ -151,9 +151,9 @@ func (c *Cookie) SetSessionId(id string) {
 		c.request.Server.GetCookiePath(),
 		c.server.GetSessionCookieMaxAge(),
 		CookieOptions{
-			sameSite: c.request.Server.GetCookieSameSite(),
-			secure:   c.request.Server.GetCookieSecure(),
-			httpOnly: c.request.Server.GetCookieHttpOnly(),
+			SameSite: c.request.Server.GetCookieSameSite(),
+			Secure:   c.request.Server.GetCookieSecure(),
+			HttpOnly: c.request.Server.GetCookieHttpOnly(),
 		},
 	)
 }