diff --git a/workflow/engine/classes/triggers/api/Zimbra.php b/workflow/engine/classes/triggers/api/Zimbra.php
index eb30e3c7e..f9ec5f626 100644
--- a/workflow/engine/classes/triggers/api/Zimbra.php
+++ b/workflow/engine/classes/triggers/api/Zimbra.php
@@ -90,7 +90,7 @@ class Zimbra
     {
         if ($this->_username) {
             if (PHP_VERSION < 5.2) {
-                setcookie("ZM_SKIN", "plymouth", time() + (60 * 60 * 24 * 30), "/", ".plymouth.edu");
+                setcookie("ZM_SKIN", "plymouth", time() + (60 * 60 * 24 * 30), "/", ".plymouth.edu", "; HttpOnly");
             } else {
                 setcookie("ZM_SKIN", "plymouth", time() + (60 * 60 * 24 * 30), "/", ".plymouth.edu", false, true);
             }
diff --git a/workflow/engine/src/ProcessMaker/Core/System.php b/workflow/engine/src/ProcessMaker/Core/System.php
index a30cbefd5..103c90992 100644
--- a/workflow/engine/src/ProcessMaker/Core/System.php
+++ b/workflow/engine/src/ProcessMaker/Core/System.php
@@ -94,7 +94,7 @@ class System
         'path' => '/',
         'domain' => '',
         'secure' => false,
-        'httponly' => false,
+        'httponly' => true,
         'samesite' => ''
     ];