We tested it and the cookie does not have the HttpOnly Attribute.