diff --git a/app/static/scripts/pc-utils.js b/app/static/scripts/pc-utils.js
index 9fb92c1..16c7619 100644
--- a/app/static/scripts/pc-utils.js
+++ b/app/static/scripts/pc-utils.js
@@ -1,7 +1,7 @@
 function setCookie(name, value) {
 var end = new Date();
 end.setTime( end.getTime() + 3600 * 1000 );
-var str=name+"="+escape(value)+"; expires="+end.toGMTString()+"; path=/";
+var str=name+"="+escape(value)+"; expires="+end.toGMTString()+"; path=/; Secure; SameSite=lax";
 document.cookie = str;
 }
 function getCookie(name) {
diff --git a/config.py b/config.py
index be5e06f..f4cd896 100644
--- a/config.py
+++ b/config.py
@@ -18,6 +18,12 @@ class Config(object):
     MAIL_DEFAULT_SENDER = "noreply@v5.planet-casio.com"
     MAIL_SUPPRESS_SEND = None
 
+    # Only send cookies over HTTPS connections (use only if HTTPS is enabled)
+    SESSION_COOKIE_SECURE = True
+    # Only send cookies in requests, do not expose them to Javascript
+    SESSION_COOKIE_HTTPONLY = True
+    # Do not attach cookies to cross-origin requests
+    SESSION_COOKIE_SAMESITE = "Lax"
 
 class DefaultConfig(object):
     """Every value here can be overrided in the local_config.py class"""
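Review bot: The new `var str=...` line adds `Secure` unconditionally, so when the page is served from a plain-HTTP origin (typically local development) the browser refuses to store the cookie and setCookie silently becomes a no-op; the same applies to `SESSION_COOKIE_SECURE = True` in the config.py hunk, whose own comment ("use only if HTTPS is enabled") names the caveat but nothing in either hunk enforces or documents it at the call site. Either gate the attribute on the page's scheme, `var secure = location.protocol === "https:" ? "; Secure" : "";`, appending `secure` to the string instead of the literal, or put a comment above setCookie stating that it is only usable on HTTPS deployments. For consistency with the config's `"Lax"`, prefer `SameSite=Lax` (browsers compare the value case-insensitively, so this is cosmetic). `escape()` and `toGMTString()` are deprecated; `encodeURIComponent` and `toUTCString` are drop-in replacements, but changing `escape` also requires changing the matching decoder in getCookie, whose body lies outside this hunk.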
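Review bot: The comment above `SESSION_COOKIE_SECURE = True` says "use only if HTTPS is enabled" but does not say what to do when it is not, and the value lands on the base `Config` class; a developer running over plain HTTP gets a session cookie the browser silently discards, which shows up as a login that never sticks. Make the comment actionable, e.g. `# Only send the session cookie over HTTPS; override to False in local_config.py when developing over plain HTTP` — assuming `Config` values can be overridden there the way `DefaultConfig`'s docstring describes, which this hunk does not show. The HttpOnly comment ("do not expose them to Javascript") holds only for the Flask session cookie; the cookie written by setCookie in pc-utils.js is set from JavaScript and cannot carry that flag, so it is worth saying "the session cookie" rather than "cookies" in all three comments. If the application also uses Flask-Login's remember-me cookie, the matching `REMEMBER_COOKIE_SECURE`, `REMEMBER_COOKIE_HTTPONLY` and `REMEMBER_COOKIE_SAMESITE` settings are not covered by this change.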