Fixed #23149 -- Clarified note on HTTPOnly in cookie-based session docs

docs/topics/http/sessions.txt

@@ -124,7 +124,7 @@ and the :setting:`SECRET_KEY` setting.
 .. note::
 
     It's recommended to leave the :setting:`SESSION_COOKIE_HTTPONLY` setting
-    ``True`` to prevent tampering of the stored data from JavaScript.
+    on ``True`` to prevent access to the stored data from JavaScript.
 
 .. warning::