diff --git a/controllers/users.go b/controllers/users.go
index b674edb..882bcd6 100644
--- a/controllers/users.go
+++ b/controllers/users.go
@@ -60,9 +60,10 @@ func (u Users) PostSignin(w http.ResponseWriter, r *http.Request) {
 
 	// Bad cookie
 	cookie := http.Cookie{
-		Name:  "bad",
-		Value: user.Email,
-		Path:  "/",
+		Name:     "bad",
+		Value:    user.Email,
+		Path:     "/",
+		HttpOnly: true,
 	}
 	http.SetCookie(w, &cookie)