Secure Cookies explained the idea is that secure cookies marked as httpOnly cannot be accessed from JavaScript