Add session cookie httponly and set it to true.

resources/captcha/config.php

@@ -63,7 +63,7 @@ $pathtofonts = "/captcha/fonts/"; //path from the root of the website
     //add this to the top of the page where the form is submitted to
 
         //--- begin captcha verification ---------------------
-          //session_start(); //make sure sessions are started
+          //ini_set("session.cookie_httponly", True); session_start(); //make sure sessions are started
           if (strtolower($_SESSION["captcha"]) != strtolower($_REQUEST["captcha"]) || strlen($_SESSION["captcha"]) == 0) {
 
               echo "       <span class=\"h2\">Sorry!</span>\n";

resources/captcha/img.php

@@ -26,8 +26,10 @@
 include "root.php";
 require_once "config.php";
 error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING ); //hide notices and warnings
-session_start();
 
+//start the session
+ini_set("session.cookie_httponly", True);
+session_start();
 
 // Captcha verification image -----------------------
 // Description this page is used to verify the captcha