Don't say the HttpOnly attribute is ignored in session config credentials

thefrog-gh · web-flow · commit b1b5925c1809 · 2025-03-06T16:12:30.000-05:00
diff --git a/README.md b/README.md
@@ -230,7 +230,7 @@ Set-Cookie: auth_cookie=abcdef0123; Domain=example.com; Max-Age=600; Secure; Htt
     // response.
     "name": "auth_cookie",
     "attributes": "Domain=example.com; Path=/; Secure; SameSite=None"
-    // Attributes Max-Age, Expires and HttpOnly are ignored
+    // Attributes Max-Age and Expires are ignored
   }]
 }
 ```

Original file line number	Diff line number	Diff line change
`@@ -230,7 +230,7 @@ Set-Cookie: auth_cookie=abcdef0123; Domain=example.com; Max-Age=600; Secure; Htt`
`230`	`230`	`// response.`
`231`	`231`	`"name": "auth_cookie",`
`232`	`232`	`"attributes": "Domain=example.com; Path=/; Secure; SameSite=None"`
`233`		`- // Attributes Max-Age, Expires and HttpOnly are ignored`
	`233`	`+ // Attributes Max-Age and Expires are ignored`
`234`	`234`	`}]`
`235`	`235`	`}`
`236`	`236`	```