diff --git a/gluon/globals.py b/gluon/globals.py
index 23f704b0..3fbe42ba 100644
--- a/gluon/globals.py
+++ b/gluon/globals.py
@@ -1029,7 +1029,7 @@ class Session(Storage):
         if self._forget:
             del rcookies[response.session_id_name]
             return
-        if not self._js_cookies:
+        if self.get('httponly_cookies',True):
             scookies['HttpOnly'] = True
         if self._secure:
             scookies['secure'] = True