diff --git a/r2/r2/controllers/reddit_base.py b/r2/r2/controllers/reddit_base.py
index 71b633624..df8ef3c25 100644
--- a/r2/r2/controllers/reddit_base.py
+++ b/r2/r2/controllers/reddit_base.py
@@ -792,7 +792,8 @@ class RedditController(MinimalController):
     @staticmethod
     def login(user, rem=False):
         c.cookies[g.login_cookie] = Cookie(value = user.make_cookie(),
-                                           expires = NEVER if rem else None)
+                                           expires = NEVER if rem else None,
+                                           httponly=True)
 
     @staticmethod
     def logout():