diff --git a/Lib/Cookie.py b/Lib/Cookie.py
--- a/Lib/Cookie.py
+++ b/Lib/Cookie.py
@@ -421,16 +421,18 @@ class Morsel(dict):
                    "comment" : "Comment",
                    "domain"      : "Domain",
                    "max-age" : "Max-Age",
                    "secure"      : "secure",
                    "httponly"  : "httponly",
                    "version" : "Version",
                    }
 
+    _flags = {'secure', 'httponly'}
+
     def __init__(self):
         # Set defaults
         self.key = self.value = self.coded_value = None
 
         # Set default attributes
         for K in self._reserved:
             dict.__setitem__(self, K, "")
     # end __init__
@@ -527,28 +529,30 @@ class Morsel(dict):
 #
 
 _LegalCharsPatt  = r"[\w\d!#%&'~_`><@,:/\$\*\+\-\.\^\|\)\(\?\}\{\=]"
 _CookiePattern = re.compile(
     r"(?x)"                       # This is a Verbose pattern
     r"(?P<key>"                   # Start of group 'key'
     ""+ _LegalCharsPatt +"+?"     # Any word of at least one letter, nongreedy
     r")"                          # End of group 'key'
+    r"("                          # Optional group: there may not be a value.
     r"\s*=\s*"                    # Equal Sign
     r"(?P<val>"                   # Start of group 'val'
     r'"(?:[^\\"]|\\.)*"'            # Any doublequoted string
     r"|"                            # or
     r"\w{3},\s[\s\w\d-]{9,11}\s[\d:]{8}\sGMT" # Special case for "expires" attr
     r"|"                            # or
     ""+ _LegalCharsPatt +"*"        # Any word or empty string
     r")"                          # End of group 'val'
-    r"\s*;?"                      # Probably ending in a semi-colon
+    r")?"                         # End of optional value group
+    r"\s*"                        # Any number of spaces.
+    r"(\s+|;|$)"                  # Ending either at space, semicolon, or EOS.
     )
 
-
 # At long last, here is the cookie class.
 #   Using this class is almost just like using a dictionary.
 # See this module's docstring for example usage.
 #
 class BaseCookie(dict):
     # A container class for a set of Morsels
     #
 
@@ -651,18 +655,22 @@ class BaseCookie(dict):
             if K[0] == "$":
                 # We ignore attributes which pertain to the cookie
                 # mechanism as a whole.  See RFC 2109.
                 # (Does anyone care?)
                 if M:
                     M[ K[1:] ] = V
             elif K.lower() in Morsel._reserved:
                 if M:
-                    M[ K ] = _unquote(V)
-            else:
+                    if V is None:
+                        if K.lower() in Morsel._flags:
+                            M[K] = True
+                    else:
+                        M[K] = _unquote(V)
+            elif V is not None:
                 rval, cval = self.value_decode(V)
                 self.__set(K, rval, cval)
                 M = self[K]
     # end __ParseString
 # end BaseCookie class
 
 class SimpleCookie(BaseCookie):
     """SimpleCookie
diff --git a/Lib/test/test_cookie.py b/Lib/test/test_cookie.py
--- a/Lib/test/test_cookie.py
+++ b/Lib/test/test_cookie.py
@@ -75,16 +75,61 @@ class CookieTests(unittest.TestCase):
     def test_extended_encode(self):
         # Issue 9824: some browsers don't follow the standard; we now
         # encode , and ; to keep them from tripping up.
         C = Cookie.SimpleCookie()
         C['val'] = "some,funky;stuff"
         self.assertEqual(C.output(['val']),
             'Set-Cookie: val="some\\054funky\\073stuff"')
 
+    def test_set_secure_httponly_attrs(self):
+        C = Cookie.SimpleCookie('Customer="WILE_E_COYOTE"')
+        C['Customer']['secure'] = True
+        C['Customer']['httponly'] = True
+        self.assertEqual(C.output(),
+            'Set-Cookie: Customer="WILE_E_COYOTE"; httponly; secure')
+
+    def test_secure_httponly_false_if_not_present(self):
+        C = Cookie.SimpleCookie()
+        C.load('eggs=scrambled; Path=/bacon')
+        self.assertFalse(C['eggs']['httponly'])
+        self.assertFalse(C['eggs']['secure'])
+
+    def test_secure_httponly_true_if_present(self):
+        # Issue 16611
+        C = Cookie.SimpleCookie()
+        C.load('eggs=scrambled; httponly; secure; Path=/bacon')
+        self.assertTrue(C['eggs']['httponly'])
+        self.assertTrue(C['eggs']['secure'])
+
+    def test_secure_httponly_true_if_have_value(self):
+        # This isn't really valid, but demonstrates what the current code
+        # is expected to do in this case.
+        C = Cookie.SimpleCookie()
+        C.load('eggs=scrambled; httponly=foo; secure=bar; Path=/bacon')
+        self.assertTrue(C['eggs']['httponly'])
+        self.assertTrue(C['eggs']['secure'])
+        # Here is what it actually does; don't depend on this behavior.  These
+        # checks are testing backward compatibility for issue 16611.
+        self.assertEqual(C['eggs']['httponly'], 'foo')
+        self.assertEqual(C['eggs']['secure'], 'bar')
+
+    def test_bad_attrs(self):
+        # issue 16611: make sure we don't break backward compatibility.
+        C = Cookie.SimpleCookie()
+        C.load('cookie=with; invalid; version; second=cookie;')
+        self.assertEqual(C.output(),
+            'Set-Cookie: cookie=with\r\nSet-Cookie: second=cookie')
+
+    def test_extra_spaces(self):
+        C = Cookie.SimpleCookie()
+        C.load('eggs  =  scrambled  ;  secure  ;  path  =  bar   ; foo=foo   ')
+        self.assertEqual(C.output(),
+            'Set-Cookie: eggs=scrambled; Path=bar; secure\r\nSet-Cookie: foo=foo')
+
     def test_quoted_meta(self):
         # Try cookie with quoted meta-data
         C = Cookie.SimpleCookie()
         C.load('Customer="WILE_E_COYOTE"; Version="1"; Path="/acme"')
         self.assertEqual(C['Customer'].value, 'WILE_E_COYOTE')
         self.assertEqual(C['Customer']['version'], '1')
         self.assertEqual(C['Customer']['path'], '/acme')