diff --git a/app/edit/filelist.php b/app/edit/filelist.php index 619a17ed5b..8f73c91662 100644 --- a/app/edit/filelist.php +++ b/app/edit/filelist.php @@ -233,6 +233,8 @@ echo "\n"; echo "
".$text['label-files']."
\n"; //display:none //echo "
Files
\n"; //display:none +//start the session +ini_set("session.cookie_httponly", True); session_start(); if ($_SESSION["app"]["edit"]["dir"] == "scripts") { echo recur_dir($_SESSION['switch']['scripts']['dir']); diff --git a/app/edit/fileoptionslist.php b/app/edit/fileoptionslist.php index 19374b0e9b..a7154e3dca 100644 --- a/app/edit/fileoptionslist.php +++ b/app/edit/fileoptionslist.php @@ -228,6 +228,7 @@ echo "
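Review bot: In app/edit/filelist.php the added `ini_set("session.cookie_httponly", True);` sits after the page has already echoed output (the `echo` lines at the top of the hunk), and the app/edit/fileoptionslist.php hunk has the same placement. If an earlier include has already started the session, or the headers have gone out because output buffering is off, the setting can no longer affect the session cookie, and PHP 7.2 and later reject the call with a warning. Set the flag before the first `session_start()` of the request, near the top of the script, and check the result, e.g. `if (ini_set('session.cookie_httponly', '1') === false) { /* log: HttpOnly not applied */ }`. Whether an include above these lines already starts the session is not visible in either hunk.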
\n"; //echo "
\n"; +ini_set("session.cookie_httponly", True); session_start(); if ($_SESSION["app"]["edit"]["dir"] == "scripts") { echo recur_dir($_SESSION['switch']['scripts']['dir']); diff --git a/core/users/signup.php b/core/users/signup.php index 9d00b2d919..daef10e19e 100644 --- a/core/users/signup.php +++ b/core/users/signup.php @@ -82,7 +82,7 @@ if (count($_POST) > 0 && check_str($_POST["persistform"]) != "1") { $msg = ''; //--- begin captcha verification --------------------- - //session_start(); //make sure sessions are started + //ini_set("session.cookie_httponly", True); //session_start(); //make sure sessions are started if (strtolower($_SESSION["captcha"]) != strtolower($_REQUEST["captcha"]) || strlen($_SESSION["captcha"]) == 0) { //$msg .= "Captcha Verification Failed
\n"; } diff --git a/index.php b/index.php index 936ef17ed5..e51ddf72ea 100644 --- a/index.php +++ b/index.php @@ -26,6 +26,7 @@ include "root.php"; // start the session + ini_set("session.cookie_httponly", True); session_start(); //if config.php file does not exist then redirect to the install page diff --git a/login.php b/login.php index 936ed96698..0a9a01a7c6 100644 --- a/login.php +++ b/login.php @@ -26,6 +26,7 @@ include "root.php"; //start session + ini_set("session.cookie_httponly", True); session_start(); //retain message diff --git a/resources/captcha/config.php b/resources/captcha/config.php index cef6fe3f95..9c64704372 100644 --- a/resources/captcha/config.php +++ b/resources/captcha/config.php @@ -63,7 +63,7 @@ $pathtofonts = "/captcha/fonts/"; //path from the root of the website //add this to the top of the page where the form is submitted to //--- begin captcha verification --------------------- - //session_start(); //make sure sessions are started + //ini_set("session.cookie_httponly", True); session_start(); //make sure sessions are started if (strtolower($_SESSION["captcha"]) != strtolower($_REQUEST["captcha"]) || strlen($_SESSION["captcha"]) == 0) { echo " Sorry!\n"; diff --git a/resources/captcha/img.php b/resources/captcha/img.php index ab2964af8c..10671c5ffd 100644 --- a/resources/captcha/img.php +++ b/resources/captcha/img.php @@ -26,8 +26,10 @@ include "root.php"; require_once "config.php"; error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING ); //hide notices and warnings -session_start(); +//start the session +ini_set("session.cookie_httponly", True); +session_start(); // Captcha verification image ----------------------- // Description this page is used to verify the captcha diff --git a/resources/check_auth.php b/resources/check_auth.php index 9e4f75febd..0fd7825b42 100644 --- a/resources/check_auth.php +++ b/resources/check_auth.php 
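Review bot: The changed line in core/users/signup.php is still entirely a comment, so neither `ini_set()` nor `session_start()` runs there, and the captcha check below it presumably relies on a session started by an earlier include. The matching hunk in resources/captcha/config.php drops the inner `//` before `session_start();` while signup.php keeps it, so the two copies of the sample now disagree; a `//` comment runs to the end of the line, so both stay inactive. If these lines are meant as copy-paste instructions, give each call its own commented line: `//ini_set("session.cookie_httponly", true);` followed by `//session_start(); //make sure sessions are started`.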
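Review bot: The line `ini_set("session.cookie_httponly", True);` is pasted in front of `session_start()` in index.php, login.php, resources/captcha/img.php, resources/check_auth.php and resources/php.php, so any entry point that starts a session without it still issues the cookie without HttpOnly. Setting the cookie parameters once, in php.ini or in a shared include that every script loads before `session_start()`, would close that gap; whether such an include exists is not visible in these hunks. HttpOnly only keeps page scripts from reading the cookie, so if the site is served over HTTPS consider adding `ini_set('session.cookie_secure', '1');` next to it. In resources/captcha/img.php the call follows `error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING)`, so a failed `ini_set()` there would go unreported.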
@@ -31,6 +31,7 @@ require_once "resources/require.php"; } //start the session + ini_set("session.cookie_httponly", True); session_start(); //if the username session is not set the check username and password diff --git a/resources/functions.php b/resources/functions.php index b0cc551639..bd3b8bc406 100644 --- a/resources/functions.php +++ b/resources/functions.php @@ -156,13 +156,13 @@ //$this->write_debug($cmd); exec ($cmd); } - }elseif(strtoupper(substr(PHP_OS, 0, 3)) === 'WIN'){ + } elseif(strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { function recursive_copy($src, $dst, $options = '') { $src = normalize_path_to_os($src); $dst = normalize_path_to_os($dst); exec("xcopy /E /Y \"$src\" \"$dst\""); } - }else{ + } else { function recursive_copy($src, $dst, $options = '') { $dir = opendir($src); if (!$dir) { diff --git a/resources/php.php b/resources/php.php index 7ab3bf6a96..981c272c49 100644 --- a/resources/php.php +++ b/resources/php.php @@ -29,6 +29,7 @@ //session handling //start the session + ini_set("session.cookie_httponly", True); session_start(); //regenerate sessions to avoid session id attacks such as session fixation if ($_SESSION['security']['session_rotate']['boolean'] == "true") {