I'm using cookies for most important details like tokens. They are secure and httpOnly. I have a few more details to save on the client side. Like, once the user logs in, I'm storing the userType (customer | internal user) and a few flags that are set true/false. I'm storing these additional details in the local storage because they are being used by the client for some basic tasks. Is it a good idea to move them to Cookies keeping their httpOnly : false (as the browser JS can only access cookies without httpOnly) ?
Cookies are transferred by the client to the server on every request. If the data being transferred is something that the server frequently has to access - like a session cookie, so that the server can easily tie a given request with a particular user and their credentials/settings - that's the perfect situation for using a cookie. httpOnly makes it more secure because only the server can read it.
If the data you want to store is not often read by the server, then cookies may not be the right choice, because cookies get sent by the client on every request; putting the data into cookies could result in unnecessary overhead.
For data that the client needs to send that's security sensitive, like a session token, I'd recommend cookies with httpOnly, because that'll make possible XSS attacks much more difficult to execute.
For data that isn't security sensitive - like layout preferences - storing it in Local Storage will definitely make more sense if the data is only read/written by the client.
For your situation, consider whether the userType and other flags are essential to keep secret - it sounds like they may not be. Then, if they're only used by the client, Local Storage is the more appropriate choice. If the server does occasionally need use of them, you could put them into non-httpOnly cookies - or not, whatever makes your workflow easier.