HttpOnly Cookies

HttpOnly cookies are cookies that cannot be accessed through client-side JavaScript, providing protection against XSS attacks attempting to steal session tokens. This attribute ensures that even if an attacker manages to execute malicious scripts, they cannot directly access these cookies. It's a crucial security measure for session management and authentication.