diff --git a/app.js b/app.js
index 930191ce4..36cfe64a3 100644
--- a/app.js
+++ b/app.js
@@ -139,7 +139,9 @@ app.use(session({
 saveUninitialized: true, // always create session to ensure the origin
 rolling: true, // reset maxAge on every response
 cookie: {
- maxAge: config.sessionLife
+ maxAge: config.sessionLife,
+ sameSite: true,
+ secure: config.useSSL || config.protocolUseSSL || false
 },
 store: sessionStore
 }))
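Review bot: With `secure` turned on by `config.protocolUseSSL`, a deployment where TLS ends at a reverse proxy and the app itself receives plain HTTP will, as express-session documents it, stop issuing the session cookie unless Express trusts the proxy's `X-Forwarded-Proto`. Nothing in this hunk sets that, and the `session({` call starts above the visible lines, so please confirm that `app.set('trust proxy', 1)` or the session option `proxy: true` is applied whenever `protocolUseSSL` is set. Separately, `sameSite: true` means Strict, so the cookie is withheld on a cross-site redirect back from an external identity provider. If such logins are supported, `sameSite: 'lax'` is the more compatible value, and either way a comment such as `// true = SameSite=Strict` next to the option would make the choice explicit.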