diff --git a/Changelog.md b/Changelog.md
index fd450d5b960e2c978e3409557164c28e4ed2ead6..913572c2895874f35d75130672b47c256868ac15 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -3,6 +3,7 @@
 ## Refactor
 * Indicate proper way to report bugs in the sidebar [#7039](https://github.com/diaspora/diaspora/pull/7039)
 * Remove text color from notification mails and fix sender avatar [#7054](https://github.com/diaspora/diaspora/pull/7054)
+* Make the session cookies HttpOnly again [#7041](https://github.com/diaspora/diaspora/pull/7041)
 
 ## Bug fixes
 
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index d2e9c4e292feabf5a7a1d7cddc9400ae52b74e6d..06360f9d2973cb72680fd19a16ab4a6e76397e09 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -1,3 +1,3 @@
 # Be sure to restart your server when you modify this file.
 
-Diaspora::Application.config.session_store :cookie_store, key: '_diaspora_session', httponly: false
+Diaspora::Application.config.session_store :cookie_store, key: "_diaspora_session", httponly: true
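Review bot: The new `session_store` line restores `httponly: true` but sets no `secure:` option, so as far as this file shows the session cookie would still be sent over plain HTTP wherever the pod is reachable without TLS. If TLS is not enforced elsewhere (nothing in this hunk shows whether it is), consider tying the flag to the deployment, for example `secure: Rails.env.production?` or whatever setting the pod already uses to require SSL. It would also help to add a comment above the line so the flag is not switched off again, such as `# httponly keeps the session cookie unreadable from page JavaScript; client code must not depend on reading it`.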