diff --git a/backend/src/app/http/session.clj b/backend/src/app/http/session.clj
index a73765956..6b9a566fd 100644
--- a/backend/src/app/http/session.clj
+++ b/backend/src/app/http/session.clj
@@ -53,7 +53,12 @@
 (defn- add-cookies [response {:keys [id] :as session}]
- (assoc response :cookies {cookie-name {:path "/" :http-only true :value id}}))
+ (let [cors? (contains? cfg/flags :cors)]
+ (assoc response :cookies {cookie-name {:path "/"
+ :http-only true
+ :value id
+ :same-site (if cors? :none :strict)
+ :secure true}})))
 (defn- clear-cookies [response]
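Review bot: With the `:cors` flag set, the new `:same-site (if cors? :none :strict)` sends the session cookie on every cross-site request, so the cookie itself no longer gives any CSRF protection and everything rests on the CORS origin check and any token or header validation, none of which is visible in this hunk. I would document that next to the `let`, e.g. `;; SameSite=None: cookie is sent cross-site; CSRF defence must come from the CORS origin allowlist`, and confirm the allowlist is not a wildcard or reflected origin when credentials are allowed. `:secure true` is now unconditional, which is needed for `SameSite=None` but also means browsers will not store the cookie on a plain-HTTP deployment; if such installs are supported, the non-CORS branch probably needs a configuration switch. `clear-cookies` begins at the end of the hunk and its body is outside it, so I cannot tell whether the clearing cookie carries the same `:path`, `:secure` and `:same-site` attributes.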