From what I understand, HttpOnly cookies cannot be read by client js but they are passed by the browser with any subsequent requests. If an attacker is able to