HttpOnly is an HTTP cookie property originally developed by Microsoft that makes cookies "non-scriptable" - any attempts to access the cookie value through JavaScript will fail. HttpOnly mitigates the threat of session hijacking through cross-site scripting...