diff --git a/src/main/java/helma/framework/CookieTrans.java b/src/main/java/helma/framework/CookieTrans.java
index 4d66fc2d..fed45960 100644
--- a/src/main/java/helma/framework/CookieTrans.java
+++ b/src/main/java/helma/framework/CookieTrans.java
@@ -24,15 +24,13 @@ import javax.servlet.http.Cookie;
  *  of an HTTP cookie.
  */
 public final class CookieTrans implements Serializable {
-    private static final long serialVersionUID = 1811202114296536258L;
-
-    String name;
-    String value;
-    String path;
-    String domain;
-    int days = -1;
-    boolean secure;
-    boolean httpOnly;
+    private String name;
+    private String value;
+    private String path;
+    private String domain;
+    private boolean isHttpOnly = true;
+    private boolean isSecure = false;
+    private int days = -1;
 
     CookieTrans(String name, String value) {
         this.name = name;
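Review bot: Dropping the explicit `serialVersionUID` from a `Serializable` class leaves the JVM to derive one from the class shape, so every later field or method edit silently changes it and previously serialized instances fail to deserialize with `InvalidClassException`. The field renames in this hunk (`secure` to `isSecure`, `httpOnly` to `isHttpOnly`) already change the serialized form, so I would keep the `private static final long serialVersionUID` declaration and give it a new value rather than remove it. Whether CookieTrans objects are actually persisted (for example with stored sessions) is not visible here, so the impact is unconfirmed. The class body continues outside this hunk.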
@@ -55,9 +53,15 @@ public final class CookieTrans implements Serializable {
         this.domain = domain;
     }
 
+    void setHttpOnly(boolean isHttpOnly) {
+        this.isHttpOnly = isHttpOnly;
+    }
+
+    void setSecure(boolean isSecure) {
+        this.isSecure = isSecure;
+    }
+
     /**
-     *
-     *
      * @return ...
      */
     public String getName() {
@@ -65,8 +69,6 @@ public final class CookieTrans implements Serializable {
     }
 
     /**
-     *
-     *
      * @return ...
      */
     public String getValue() {
@@ -74,8 +76,6 @@ public final class CookieTrans implements Serializable {
     }
 
     /**
-     *
-     *
      * @return ...
      */
     public int getDays() {
@@ -83,8 +83,6 @@ public final class CookieTrans implements Serializable {
     }
 
     /**
-     *
-     *
      * @return ...
      */
     public String getPath() {
@@ -92,28 +90,24 @@ public final class CookieTrans implements Serializable {
     }
 
     /**
-     *
-     *
      * @return ...
      */
     public String getDomain() {
         return domain;
     }
 
-    public boolean isSecure() {
-        return secure;
+    /**
+     * @return ...
+     */
+    public boolean getHttpOnly() {
+        return isHttpOnly;
     }
 
-    void isSecure(boolean secure) {
-        this.secure = secure;
-    }
-
-    public boolean isHttpOnly() {
-        return httpOnly;
-    }
-
-    void isHttpOnly(boolean httpOnly) {
-        this.httpOnly = httpOnly;
+    /**
+     * @return ...
+     */
+    public boolean getSecure() {
+        return isSecure;
     }
 
     /**
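Review bot: Replacing the public `isSecure()` and `isHttpOnly()` readers with `getSecure()` and `getHttpOnly()` removes two public methods, which breaks any caller outside this diff, and moves away from the usual `isX()` naming for boolean properties. Now that the setters are called `setSecure` and `setHttpOnly`, the old reader names no longer clash with them and could stay as they were. The new Javadoc is still the placeholder `@return ...`; `@return true if the cookie is only sent over secure protocols` and `@return true if the cookie is marked HttpOnly` would say what the flags mean.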
@@ -147,8 +141,8 @@ public final class CookieTrans implements Serializable {
             c.setDomain(defaultDomain);
         }
 
-        c.setHttpOnly(httpOnly);
-        c.setSecure(secure);
+        c.setHttpOnly(isHttpOnly);
+        c.setSecure(isSecure);
 
         return c;
     }
diff --git a/src/main/java/helma/framework/ResponseBean.java b/src/main/java/helma/framework/ResponseBean.java
index 934531fe..71688a96 100644
--- a/src/main/java/helma/framework/ResponseBean.java
+++ b/src/main/java/helma/framework/ResponseBean.java
@@ -143,7 +143,7 @@ public class ResponseBean implements Serializable {
      * @param value the cookie value
      */
     public void setCookie(String key, String value) {
-        res.setCookie(key, value, -1, null, null);
+        res.setCookie(key, value, -1, null, null, true, false);
     }
 
     /**
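Review bot: The literal pair `true, false` passed here is repeated in the later hunks for `setCookie(key, value, days)`, `setCookie(key, value, days, path)`, `setCookie(key, value, days, path, domain)` and `unsetCookie`, so the default cookie flags are spelled out in five places. Letting the shorter overloads delegate to the seven-argument `setCookie` of this class, or naming the defaults once (for example `DEFAULT_HTTP_ONLY` and `DEFAULT_SECURE`), would keep a later change of the security default to one line and make the bare booleans readable at the call site.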
@@ -156,7 +156,7 @@ public class ResponseBean implements Serializable {
      * @param days number of days the cookie should be stored
      */
     public void setCookie(String key, String value, int days) {
-        res.setCookie(key, value, days, null, null);
+        res.setCookie(key, value, days, null, null, true, false);
     }
 
     /**
@@ -171,7 +171,42 @@ public class ResponseBean implements Serializable {
      * @param path the URL path to apply the cookie to
      */
     public void setCookie(String key, String value, int days, String path) {
-        res.setCookie(key, value, days, path, null);
+        res.setCookie(key, value, days, path, null, true, false);
+    }
+
+    /**
+     * Set a HTTP cookie with the name and value that is only applied to
+     * the URLs matching the given path and is stored by the
+     * HTTP client for the given number of days. A days value of 0 means the
+     * cookie should be immediately discarded.
+     *
+     * @param key the cookie name
+     * @param value the cookie value
+     * @param days number of days the cookie should be stored
+     * @param path the URL path to apply the cookie to
+     * @param domain domain
+     * @param isHttpOnly marks the cookie as HttpOnly
+     */
+    public void setCookie(String key, String value, int days, String path, String domain, boolean isHttpOnly) {
+        res.setCookie(key, value, days, path, domain, isHttpOnly, false);
+    }
+
+    /**
+     * Set a HTTP cookie with the name and value that is only applied to
+     * the URLs matching the given path and is stored by the
+     * HTTP client for the given number of days. A days value of 0 means the
+     * cookie should be immediately discarded.
+     *
+     * @param key the cookie name
+     * @param value the cookie value
+     * @param days number of days the cookie should be stored
+     * @param path the URL path to apply the cookie to
+     * @param domain domain
+     * @param isHttpOnly marks the cookie as HttpOnly
+     * @param isSecure limits the cookie to secure protocols
+     */
+    public void setCookie(String key, String value, int days, String path, String domain, boolean isHttpOnly, boolean isSecure) {
+        res.setCookie(key, value, days, path, domain, isHttpOnly, isSecure);
     }
 
     /**
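Review bot: The Javadoc on the two new overloads repeats the summary of the four-argument form and does not say what the six-argument one does with the Secure flag, which it fixes to `false` in the call. I would add a sentence such as `The cookie is not marked Secure by this overload; use the seven-argument form to request it.` and describe `domain` with more than the word `domain`. ResponseTrans.setCookie also consults the `cookies.httpOnly` and `cookies.secure` application properties, so the `@param` text should say whether the argument or the property wins.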
@@ -187,7 +222,7 @@ public class ResponseBean implements Serializable {
      * @param domain domain
      */
     public void setCookie(String key, String value, int days, String path, String domain) {
-        res.setCookie(key, value, days, path, domain);
+        res.setCookie(key, value, days, path, domain, true, false);
     }
 
     /**
@@ -197,7 +232,7 @@ public class ResponseBean implements Serializable {
      * @param key the name of the cookie to be discarded
      */
     public void unsetCookie(String key) {
-        res.setCookie(key, "", 0, null, null);
+        res.setCookie(key, "", 0, null, null, true, false);
     }
 
     /**
diff --git a/src/main/java/helma/framework/ResponseTrans.java b/src/main/java/helma/framework/ResponseTrans.java
index 6be7a2f3..583b41b1 100644
--- a/src/main/java/helma/framework/ResponseTrans.java
+++ b/src/main/java/helma/framework/ResponseTrans.java
@@ -974,8 +974,10 @@ public final class ResponseTrans extends Writer implements Serializable {
      * @param days the cookie's lifespan in days
      * @param path the URL path to apply the cookie to
      * @param domain the domain to apply the cookie to
+     * @param isHttpOnly marks the cookie as HttpOnly
+     * @param isSecure limits the cookie for use with secure protocols
      */
-    public void setCookie(String key, String value, int days, String path, String domain) {
+    public void setCookie(String key, String value, int days, String path, String domain, boolean isHttpOnly, boolean isSecure) {
         CookieTrans c = null;
 
         if (cookies == null) {
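Review bot: The `isHttpOnly` and `isSecure` parameters added to this signature are not read anywhere in the diff: the lines between this hunk and the next are unchanged, and the next hunk still sets the flags only from the `cookies.httpOnly` and `cookies.secure` properties. A caller passing `isSecure = true` therefore gets a cookie without the Secure attribute unless the property is set, and because the `isHttpOnly` field in CookieTrans now defaults to `true`, `cookies.httpOnly=false` appears to no longer switch HttpOnly off. If the properties are meant as a minimum, the two `if` blocks could become `c.setHttpOnly(isHttpOnly || !"false".equalsIgnoreCase(app.getProperty("cookies.httpOnly")));` and `c.setSecure(isSecure || "true".equalsIgnoreCase(app.getProperty("cookies.secure")));`, though which side takes precedence is the author's decision. The body of setCookie continues outside this hunk.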
@@ -1001,11 +1003,11 @@ public final class ResponseTrans extends Writer implements Serializable {
         c.setDomain(domain);
 
         if (!"false".equalsIgnoreCase(app.getProperty("cookies.httpOnly"))) {
-            c.isHttpOnly(true);
+            c.setHttpOnly(true);
         }
 
         if ("true".equalsIgnoreCase(app.getProperty("cookies.secure"))) {
-            c.isSecure(true);
+            c.setSecure(true);
         }
     }