// client did not pass token on URI let's use cookies
if ((!request->restfull) && (request->context != NULL)) {
char cookie[256];
- snprintf (cookie, sizeof (cookie), "%s=%s;path=%s;max-age=%d", COOKIE_NAME, request->uuid, request->config->rootapi,request->config->cntxTimeout);
+ snprintf (cookie, sizeof (cookie), "%s-%d=%s; Path=%s; Max-Age=%d; HttpOnly", COOKIE_NAME, request->config->httpdPort, request->uuid, request->config->rootapi,request->config->cntxTimeout);
MHD_add_response_header (webResponse, MHD_HTTP_HEADER_SET_COOKIE, cookie);
}