Secure Cookies explained

the idea is that secure cookies marked as httpOnly cannot be accessed from JavaScript