(child)

Menu: app1.rumpf.cc | app2.rumpf.cc

Javascript/Frontend: check cookie | set cookie | delete cookie

PHP/Backend/httponly: check cookie | set cookie | delete cookie

PHP/Javascript Cookie test application with iFrame
Cookie: name=session, value=current-unix-timestamp, SECURE Samesite=strict
Backend cookie WITH httponly flag set via PHP can viewed only by backend
Frontend cookie WITHOUT htpponly flag set via Javascript can be viewed by backend and frontend
use browser view-source to see javascript and dev tools to check cookie value