From what I understand, HttpOnly cookies cannot be read by client js but they are passed by the browser with any subsequent requests. If an attacker is able to
diamond-operator
wasmtime
dvd
rcharts
linux-kernel
unisharp-file-manager
php-pgsql
gnu-findutils
jdk1.5
laravel-6
apache-zookeeper
iraf
mpfr
the-little-schemer
sonarqube-5.0
sequence-alignment
pyflink
search
binary-emulation
sortedcontainers
googlesheets4
risk-analysis
redisgraph
empty-list
fastlane-match
android-10.0
openerp-8
automated-tests
screencast
apoc
