Can a user read my session cookies?
No.
JavaScript Warning
When you create a landing page you can also use JavaScript code. When you have a free account the landing page will have an URL like this http://free.qrplanet.com/your-landing-page. When another user creates a landing page with JavaScript code and you call his URL e.g. http://free.qrplanet.com/another-landing-page when you are logged in a warning will be displayed to protect your account from cookies being stolen.
HttpOnly Cookie
Sensitive cookies like session cookies are protected with HttpOnly. An HttpOnly Cookie prevents client-side scripts from accessing data.