Why does the KEYCLOAK_SESSION cookie in Keycloak does not have HttpOnly flag set in first place as against other cookies?
KEYCLOAK_SESSION
Keycloak
HttpOnly
