Cookies options HttpOnly is now sets to TRUE, resolving a
possible XSS vulnerability.