diff --git a/core/Cookie.php b/core/Cookie.php
index 370e1ece8..ea2c8a0bc 100755
--- a/core/Cookie.php
+++ b/core/Cookie.php
@@ -22,15 +22,16 @@ class Cookie {
 if(!headers_sent($file, $line)) {
 $expiry = $expiryDays > 0 ? time()+(86400*$expiryDays) : 0;
 $path = ($path) ? $path : Director::baseURL();
+ // Versions of PHP prior to 5.2 do not support the $httpOnly value
- if(version_compare(phpversion(), 5.2, '<'))
+ if(version_compare(phpversion(), 5.2, '<')) {
 setcookie($name, $value, $expiry, $path, $domain, $secure);
- else
+ } else {
 setcookie($name, $value, $expiry, $path, $domain, $secure, $httpOnly);
+ }
 } else {
 if(self::$report_errors) user_error("Cookie '$name' can't be set. The site started outputting was content at line $line in $file", E_USER_WARNING);
 }
- $_COOKIE[$name] = $value;
 }
 /**
@@ -54,4 +55,4 @@ class Cookie {
 }
 }
-?>
\ No newline at end of file
+?>
diff --git a/core/control/Controller.php b/core/control/Controller.php
index 4dfe75429..2071c5731 100755
--- a/core/control/Controller.php
+++ b/core/control/Controller.php
@@ -81,7 +81,7 @@ class Controller extends RequestHandler {
 if(Session::get('loggedInAs') && Security::database_is_ready()) {
 $member = Member::currentUser();
 if($member) {
- if(!headers_sent()) Cookie::set("PastMember", true);
+ Cookie::set("PastMember", true, 90, null, null, false, true);
 DB::query("UPDATE \"Member\" SET \"LastVisited\" = " . DB::getConn()->now() . " WHERE \"ID\" = $member->ID", null);
 }
 }
diff --git a/security/Member.php b/security/Member.php
index c5b157cc6..d18cc9837 100755
--- a/security/Member.php
+++ b/security/Member.php
@@ -312,7 +312,6 @@ class Member extends DataObject {
 if($remember) {
 $token = substr(md5(uniqid(rand(), true)), 0, 49 - strlen($this->ID));
 $this->RememberLoginToken = $token;
- // Set cookie (with HTTPOnly flag if running on PHP 5.2 or newer)
 Cookie::set('alc_enc', $this->ID . ':' . $token, 90, null, null, null, true);
 } else {
 $this->RememberLoginToken = null;
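Review bot: The new `if` line passes the float literal `5.2` to version_compare(), which takes version strings, so the comparison rests on float-to-string conversion; `if(version_compare(PHP_VERSION, '5.2.0', '<')) {` is explicit. Neither branch looks at setcookie()'s return value, so a cookie PHP refuses to emit is indistinguishable from one it sent, and the `user_error` message on the context line reads "started outputting was content" where "started outputting content" is meant. Because the hunk stops mirroring the value into `$_COOKIE`, the method's docblock above the hunk should state that a same-request read of `$_COOKIE[$name]` no longer sees a value set moments earlier. The signature of Cookie::set() lies above this hunk.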
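Review bot: The cookie value on the added line is the boolean `true`, which setcookie() coerces to the string "1"; writing `Cookie::set("PastMember", '1', 90, null, null, false, true);` makes the value actually put on the wire explicit. Dropping the local `headers_sent()` guard is sound only because Cookie::set() in core/Cookie.php performs that check itself, so a late call now goes through that method's report_errors path instead of being skipped silently. The enclosing method starts and ends outside this hunk.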
@@ -378,11 +377,11 @@ class Member extends DataObject {
 self::session_regenerate_id();
 Session::set("loggedInAs", $member->ID);
 // This lets apache rules detect whether the user has logged in
- if(self::$login_marker_cookie) Cookie::set(self::$login_marker_cookie, 1, 0);
+ if(self::$login_marker_cookie) Cookie::set(self::$login_marker_cookie, 1, 0, null, null, false, true);
 $token = substr(md5(uniqid(rand(), true)), 0, 49 - strlen($member->ID));
 $member->RememberLoginToken = $token;
- Cookie::set('alc_enc', $member->ID . ':' . $token, 90, null, null, null, true);
+ Cookie::set('alc_enc', $member->ID . ':' . $token, 90, null, null, false, true);
 $member->NumVisit++;
 $member->write();
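Review bot: Both `Cookie::set` lines in this hunk pass `false` for the secure flag, and `alc_enc` carries the member ID together with the remember-me token, so on an HTTPS deployment the browser will also attach that credential to plain-http requests for the same host; deriving the flag from the request, e.g. `$secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';`, and passing `$secure` instead of `false` on both lines keeps the token off cleartext connections. The `$remember` branch in the preceding hunk still passes `null` in the same position, so the three call sites should agree on one value. The `$token` on the context line is derived from `md5(uniqid(rand(), true))`, which is not a cryptographic random source; where the runtime offers one, a credential-equivalent value like this should come from it. The enclosing method starts and ends outside this hunk.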