diff --git a/factor/token/classes/factor.php b/factor/token/classes/factor.php
index 39c2576b..ef156dc3 100644
--- a/factor/token/classes/factor.php
+++ b/factor/token/classes/factor.php
@@ -194,7 +194,9 @@ public function post_pass_state() {
         $secretmanager->create_secret($expiry, false, $secret);
 
         // All the prep is now done, we can set this cookie.
-        setcookie($cookie, $secret, $expirytime, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, false, true);
+        $cookiesecure = 1 == get_config('core', 'cookiesecure');
+        $cookiehttponly = 1 == get_config('core', 'cookiehttponly');
+        setcookie($cookie, $secret, $expirytime, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $cookiesecure, $cookiehttponly);
 
         // Finally emit a log event for storing the cookie.
         $state = [