From what I understand, HttpOnly cookies cannot be read by client js but they are passed by the browser with any subsequent requests. If an attacker is able to
react-18
ora-04091
uistatusbar
adabas
jtds
winbugs
mobile-security
fuzzyfinder
activity-diagram
detection
tiny-tds
pywavelets
subobject
domain-driven-design
proxy-protocol
django-compressor
django-autocomplete-light
maven-module
nelmioapidocbundle
react-image
checked
developer-console
dr.racket
cil
php-phantomjs
excel-4.0
revit-2015
nestedrecyclerview
bea
first-order-logic
