--- pcs-0.9.137/pcsd/pcsd.rb.secure_fix        2015-03-30 13:48:50.209887370 -0500
+++ pcs-0.9.137/pcsd/pcsd.rb   2015-03-30 13:50:47.321660377 -0500
@@ -32,7 +32,9 @@ end
 
 use Rack::Session::Cookie,
   :expire_after => 60 * 60,
-  :secret => secret
+  :secret => secret,
+  :secure => true, # only send over HTTPS
+  :httponly => true # don't provide to javascript
 
 #use Rack::SSL
 
@@ -46,8 +48,6 @@ also_reload 'pcs.rb'
 also_reload 'auth.rb'
 also_reload 'wizard.rb'
 
-enable :sessions
-
 before do
   $session = session
   $cookies = cookies