diff --git a/app/logical/session_creator.rb b/app/logical/session_creator.rb
index 8b60032a7..b21c3eb72 100644
--- a/app/logical/session_creator.rb
+++ b/app/logical/session_creator.rb
@@ -18,7 +18,8 @@ class SessionCreator
 if remember.present?
 cookies.permanent.signed[:user_name] = {
 :value => user.name,
- :secure => secure
+ :secure => secure,
+ :httponly => true
 }
 cookies.permanent[:password_hash] = {
 :value => user.bcrypt_cookie_password_hash,
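Review bot: The `cookies.permanent[:password_hash]` assignment that follows is the cookie most in need of `:httponly => true`, and the hunk only shows the flag being added to `:user_name`. That cookie carries `user.bcrypt_cookie_password_hash`, which presumably acts as the long-lived remember-me credential, so script access to it matters more than access to the user name. Its options hash continues past the end of the hunk, so the flag may already be set there; if it is not, add `:httponly => true` next to its `:secure => secure` entry. A spec that checks both cookies for the flag would keep the two from drifting apart again.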