diff --git a/Yesod/Handler.hs b/Yesod/Handler.hs
index 48a2738f..6533d435 100644
--- a/Yesod/Handler.hs
+++ b/Yesod/Handler.hs
@@ -797,6 +797,7 @@ headerToPair cp getExpires (AddCookie minutes key value) =
                 then Nothing
                 else Just $ getExpires minutes
         , setCookieDomain = Nothing
+        , setCookieHttpOnly = True
         })
 headerToPair cp _ (DeleteCookie key) =
     ( "Set-Cookie"
diff --git a/yesod-core.cabal b/yesod-core.cabal
index bd4672c6..6d1b06fd 100644
--- a/yesod-core.cabal
+++ b/yesod-core.cabal
@@ -1,5 +1,5 @@
 name:            yesod-core
-version:         0.8.3.1
+version:         0.8.3.2
 license:         BSD3
 license-file:    LICENSE
 author:          Michael Snoyman <michael@snoyman.com>
@@ -45,7 +45,7 @@ library
                    , containers                >= 0.2      && < 0.5
                    , monad-control             >= 0.2      && < 0.3
                    , enumerator                >= 0.4.7    && < 0.5
-                   , cookie                    >= 0.2.1    && < 0.3
+                   , cookie                    >= 0.3      && < 0.4
                    , blaze-html                >= 0.4      && < 0.5
                    , http-types                >= 0.6      && < 0.7
                    , case-insensitive          >= 0.2      && < 0.4