A few moments after sending this I found:
Understanding the intended behaviour of HTTPOnly flag
which indicates that this is correct behaviour and the server has to continually append the httponly flag. Seems a bit wacky, but hey as long as I know what the intended behaviour is.