Difference between max-age and expires cookies

http://mrcoles.com/blog/cookies-max-age-vs-expires/

• Expires sets an expiry date for when a cookie gets deleted
• Max-age sets the time in seconds for when a cookie will be deleted
• Internet Explorer (ie6, ie7, and ie8) does not support “max-age”, while (mostly) all browsers support expires

http://blogs.msdn.com/b/ieinternals/archive/2009/08/20/wininet-ie-cookie-internals-faq.aspx

http://www.adobe.com/devnet/coldfusion/articles/coldfusion-securing-apps.html

Any cookies that you create with the httponly attribute will not be present in JavaScript's document.cookievariable on browsers where HttpOnly is supported. Browsers will still send HttpOnly cookies when making AJAX calls or XMLHttpRequest calls, however their values still cannot be accessed from your JavaScript code.