diff --git a/config/session.php b/config/session.php
index bfb16513b..ab762f221 100644
--- a/config/session.php
+++ b/config/session.php
@@ -137,6 +137,19 @@ return [
 
 'domain' => null,
 
+ /*
+ |--------------------------------------------------------------------------
+ | HTTP Access Only
+ |--------------------------------------------------------------------------
+ |
+ | Setting this value to true will prevent JavaScript from accessing the
+ | value of the cookie and the cookie will only be accessible through
+ | the HTTP protocol. You are free to modify this option if needed.
+ |
+ */
+
+ 'http_only' => true,
+
 /*
 |--------------------------------------------------------------------------
 | HTTPS Only Cookies
diff --git a/modules/backend/classes/Controller.php b/modules/backend/classes/Controller.php
index 01ac494f5..c4e64b6ba 100644
--- a/modules/backend/classes/Controller.php
+++ b/modules/backend/classes/Controller.php
@@ -277,6 +277,7 @@ class Controller extends ControllerBase
 if ($ajaxResponse = $this->execAjaxHandlers()) {
 $result = $ajaxResponse;
 }
+
 /*
 * Execute postback handler
 */
@@ -287,6 +288,7 @@ class Controller extends ControllerBase
 ) {
 $result = $handlerResponse;
 }
+
 /*
 * Execute page action
 */
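Review bot: The new `'http_only' => true` entry in config/session.php only reaches installations whose copy of this file contains the key, so a site that keeps an older config/session.php may get no HttpOnly flag unless the reader of the setting defaults to true. The code that builds the session cookie is not part of this diff, so this is inferred; it is worth confirming that it reads the value with a safe fallback, along the lines of `Config::get('session.http_only', true)`. The docblock's last sentence, "You are free to modify this option if needed", also undersells the setting. I would replace it with `| Leave this enabled unless a client-side script must read the session cookie; when disabled, any script running on the page can read the session ID.` The two Controller.php hunks only add blank lines and need no comment.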