In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the HttpOnly flag set.

Cookie: TSWAAuthClientSideCookie

HTTP Response:

HTTP/2 200 OK

Cache-Control: no-cache

Pragma: no-cache

Content-Type: text/xml; charset=utf-8

Expires: -1

Server: Microsoft-IIS/10.0

Set-Cookie: TSWAFeatureCheckCookie=true; path=/RDWeb/

Set-Cookie: TSWAAuthClientSideCookie=Name=test&MachineType=private&WorkSpaceID=XX; expires=Sat, 25-May-2024 06:39:35 GMT; path=/; secure

Set-Cookie: TSWAAuthHttpOnlyCookie=; expires=Mon, 11-Oct-1999 14:00:00 GMT; path=/; secure; HttpOnly

Date: Sun, 29 Aug 2021 06:39:35 GMT

Content-Length: 14764