== Ask Yourself Whether

* the cookie is sensitive, used to authenticate the user, for instance a _session-cookie_ 
* the ``++HttpOnly++`` attribute offer an additional protection (not the case for an _XSRF-TOKEN cookie_ / CSRF token for example)

There is a risk if you answered yes to any of those questions.