diff --git a/lib/omniauth/strategies/remote_user.rb b/lib/omniauth/strategies/remote_user.rb
index 6984d2e..96a7014 100644
--- a/lib/omniauth/strategies/remote_user.rb
+++ b/lib/omniauth/strategies/remote_user.rb
@@ -48,7 +48,7 @@ module OmniAuth
         request = Rack::Request.new(env)
         response = redirect_if_not_logging_in(request,_auth_path(request) )
         if response
-          response.set_cookie(options.internal_cookie, {value: uid , path: "#{request.script_name}"})
+          response.set_cookie(options.internal_cookie, {value: uid, path: "#{request.script_name}", httponly: true})
           response.finish
         end
       end
--
libgit2 0.21.2