From what I understand, HttpOnly cookies cannot be read by client js but they are passed by the browser with any subsequent requests. If an attacker is able to
domain-mapping
doctrine-query
library-interposition
devise
sqlboiler
invocable
subtotal
android-min-sdk
facet-grid
sel4
aspose.html
url-redirection
pyenchant
unimarc
sql-server-collation
memgraphdb
ed
cryptocurrency-token
jboss7.x
transitive-closure
android-framelayout
dynamics-365-operations
web-folders
factoring
calayer
flatpak
android-unity-plugin
implicit-constructor
dockerpy
jquery-knob