Dear Auth0 Support Team,
I am writing to inquire about the possibility of using HttpOnly cookies for authentication in my application that uses Auth0. I understand that Auth0 currently uses a combination of both HttpOnly and Secure cookies for authentication and session management.
I am interested in using HttpOnly cookies as an additional layer of security to prevent cross-site scripting (XSS) attacks and to be compliant with certain regulations. I understand that HttpOnly cookies are only accessible via the HTTP protocol and cannot be accessed or modified by client-side scripts.
I would appreciate it if you could let me know if it is possible to use HttpOnly cookies instead of the current Secure cookies for authentication in my application. If so, could you please provide me with any necessary steps or guidelines for implementing this change?
Thank you for your time and assistance.
Best regards,
Avi Cohen
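
An added example, not part of the original post and not Auth0 code: `HttpOnly` and `Secure` are independent attributes of the same `Set-Cookie` header, so one cookie can carry both. The sketch below audits header values for each flag separately; the cookie names and values are constructed for illustration.

```javascript
// Constructed sample Set-Cookie header values (not captured from any real service).
const SAMPLE_HEADERS = [
  "session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
  "session_legacy=abc123; Path=/; Secure",
  "prefs=dark; Path=/; Max-Age=31536000",
  "csrf=tok; Path=/; httponly",
];

// Parse one Set-Cookie value into { name, value, attrs }.
// Attribute names are case-insensitive (RFC 6265), so keys are lower-cased.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) throw new Error("malformed cookie pair: " + pair);
  const attrs = new Map();
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs.set(key, i === -1 ? "" : part.slice(i + 1));
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Check the two flags independently: HttpOnly hides the cookie from
// client-side script, Secure restricts it to HTTPS requests.
function auditCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  if (!attrs.has("httponly")) {
    findings.push("missing HttpOnly: readable via document.cookie");
  }
  if (!attrs.has("secure")) {
    findings.push("missing Secure: may be sent over plain HTTP");
  }
  return { name, findings };
}

// Audit a list of headers and keep only the cookies with findings.
function auditAll(headers) {
  return headers.map(auditCookie).filter((r) => r.findings.length > 0);
}

for (const r of auditAll(SAMPLE_HEADERS)) {
  console.log(r.name + ": " + r.findings.join("; "));
}
```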