--- loncom/auth/publiccheck.pm	2014/12/01 22:52:54	1.24
+++ loncom/auth/publiccheck.pm	2017/06/06 22:37:18	1.24.2.1
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: publiccheck.pm,v 1.24 2014/12/01 22:52:54 raeburn Exp $
+# $Id: publiccheck.pm,v 1.24.2.1 2017/06/06 22:37:18 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -92,7 +92,7 @@ sub process_public {
         my $cookie=&Apache::lonauth::success($r,'public','public','public');
         my $lonidsdir=$r->dir_config('lonIDsDir');
         &Apache::lonnet::transfer_profile_to_env($lonidsdir,$cookie);
-	$r->err_header_out('Set-cookie',"lonID=$cookie; path=/");
+	$r->err_header_out('Set-cookie',"lonID=$cookie; path=/; HttpOnly");
     }
     &Apache::lonacc::get_posted_cgi($r);
     $env{'request.state'} = "published";