How do HttpOnly cookies work with AJAX requests?

Question

JavaScript needs access to cookies if AJAX is used on a site with access restrictions based on cookies. Will HttpOnly cookies work on an AJAX site?

Edit: M

Answer 1

No, the page that the AJAX call requests has access to cookies too & that's what checks whether you're logged in.

You can do other authentication with the Javascript, but I wouldn't trust it, I always prefer putting any sort of authentication checking in the back-end.