From what I understand, HttpOnly cookies cannot be read by client js but they are passed by the browser with any subsequent requests. If an attacker is able to
nom
aurelia-templating
preprocessor
sql-merge
bitvector
http-error
protoc-gen-openapiv2
iaca
css-variables
energysmart
object-destructuring
qheaderview
apache-tika
detailslist
dotconnect
opencart-3
jar
quasiquotes
dtplyr
drop-table
template-meta-programming
rtweet
datagridviewcombobox
ui-automation
count-unique
incredibuild
flutter-ignore-pointer
barrier
akka.net
postman-pre-request-script
