That is just the destination_url cookie, used only during the login flow to store where the user wanted to go, so we can send him there after the login. And since it’s read on the EmberJS app for routing, it can’t contain the HTTP_ONLY flag.
You can learn more about all cookies in Discourse at List of cookies used by Discourse