diff --git a/index.php b/index.php
index 75e63b2e58..f381721965 100644
--- a/index.php
+++ b/index.php
@@ -43,6 +43,7 @@
     ini_set('session.cookie_secure', 'On');
 }
 
+ini_set('session.cookie_httponly', 1);
 ini_set('open_basedir', ROOT_PATH . PATH_SEPARATOR  . $tmp_dir . PATH_SEPARATOR . '/proc/stat');
 
 // Get the directory the user is trying to access