All newly issued authentication cookies have the flag "httponly"
set now. This makes the cookie values inaccessible from scripts
cookie against some sorts of cookie stealing attempts.
See https://www.owasp.org/index.php/HttpOnly for details.
To the list of all Werks