diff --git a/core/app/Class-System.php b/core/app/Class-System.php
index e34d5d38..85728aa1 100644
--- a/core/app/Class-System.php
+++ b/core/app/Class-System.php
@@ -265,7 +265,7 @@ protected static function init_user()
 {
 loadSource('Subs-Auth');
 $cookie_url = url_parts(!empty($settings['localCookies']), !empty($settings['globalCookies']));
- setcookie('guest_skin', '', time() - 3600, $cookie_url[1], $cookie_url[0], 0);
+ setcookie('guest_skin', '', time() - 3600, $cookie_url[1], $cookie_url[0], 0, true);
 }
 }
diff --git a/core/app/Load.php b/core/app/Load.php
index f5f73f66..f4284b7e 100644
--- a/core/app/Load.php
+++ b/core/app/Load.php
@@ -2220,6 +2220,7 @@ function loadSession()
 ini_set('url_rewriter.tags', '');
 ini_set('session.use_trans_sid', false);
 ini_set('arg_separator.output', '&');
+ ini_set('session.cookie_httponly', 1);
 if (!empty($settings['globalCookies']))
 {
diff --git a/core/app/Themes.php b/core/app/Themes.php
index 3f2018b1..c810e68b 100644
--- a/core/app/Themes.php
+++ b/core/app/Themes.php
@@ -278,7 +278,7 @@ function PickTheme()
 {
 loadSource('Subs-Auth');
 $cookie_url = url_parts(!empty($settings['localCookies']), !empty($settings['globalCookies']));
- setcookie('guest_skin', $skin, $skin ? time() + 3600 * 24 * 365 : time() - 3600, $cookie_url[1], $cookie_url[0], 0);
+ setcookie('guest_skin', $skin, $skin ? time() + 3600 * 24 * 365 : time() - 3600, $cookie_url[1], $cookie_url[0], 0, true);
 redirectexit(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'action=skin');
 }
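Review bot: The sixth argument of the changed `setcookie()` call is still the literal `0`, so `guest_skin` gains HttpOnly but not Secure and will still be sent over plain HTTP on a site served via HTTPS; the `setcookie()` call in the Themes.php hunk has the same gap. Consider deriving that flag from however this codebase detects an HTTPS request (not visible in this diff) and passing real booleans, e.g. `..., $cookie_url[0], $is_https, true);` where `$is_https` is a placeholder name. The trailing `0, true` pair is also hard to read positionally, so a short comment such as `// secure = off, httponly = on` would help the next reader. init_user() begins and ends outside the hunk.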
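Review bot: The added `ini_set('session.cookie_httponly', 1);` hardens only one attribute of the session cookie; the visible lines leave `session.cookie_secure` (and `session.cookie_samesite` on PHP 7.3+) at whatever php.ini provides, so the session ID can still cross plain HTTP or ride along on cross-site requests. The return value of `ini_set()` is also ignored, and the setting has no effect if a session was already started (for example via `session.auto_start`); whether loadSession() handles that case lies outside the hunk and should be confirmed. A comment along the lines of `// Keep the session cookie unreadable from page scripts; must run before session_start()` would record the ordering requirement. loadSession() continues beyond the hunk.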
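Review bot: With HttpOnly set on the one-year `guest_skin` cookie written here, client-side code can no longer read it through `document.cookie`, so it is worth confirming that no theme script relies on reading the guest's skin choice that way; nothing in the hunk shows whether one does. If the cookie is only ever consumed server-side, say so next to the call, e.g. `// guest_skin is read server-side only, so it is marked HttpOnly`. The Secure-flag point raised on the Class-System.php hunk applies to this call as well. PickTheme() begins outside the hunk.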