The short answer to the OP's question is, "No, your cookies are not secure because you're only passing the first three parameters to the setcookie function. The other parameters are really important and should not be ignored"…
bool setcookie ( string $name [, string $value = "" [, int $expire = 0 [, string $path = "" [, string $domain = "" [, bool $secure = false [, bool $httponly = false ]]]]]] )
$path – You'll probably want to set to '/' since you probably need your cookie available on all pages on your site.
$domain – I'm not sure if you're using a subdomain, but set it to the