diff --git a/lib/web/session/cookie.go b/lib/web/session/cookie.go
index f7d8712ee2016..df9bb4b538a6b 100644
--- a/lib/web/session/cookie.go
+++ b/lib/web/session/cookie.go
@@ -67,6 +67,7 @@ func SetCookie(w http.ResponseWriter, user, sid string) error {
 Path: "/",
 HttpOnly: true,
 Secure: true,
+ SameSite: http.SameSiteLaxMode,
 }
 http.SetCookie(w, c)
 return nil
@@ -80,6 +81,7 @@ func ClearCookie(w http.ResponseWriter) {
 Path: "/",
 HttpOnly: true,
 Secure: true,
+ SameSite: http.SameSiteLaxMode,
 })
 }
diff --git a/lib/web/session/cookie_test.go b/lib/web/session/cookie_test.go
index 12c4221d6243a..8f7d685033cfe 100644
--- a/lib/web/session/cookie_test.go
+++ b/lib/web/session/cookie_test.go
@@ -48,7 +48,7 @@ func TestCookies(t *testing.T) {
 require.Len(t, setCookies, 2)
 // SetCookie will store the encoded session in the cookie
- require.Equal(t, "__Host-session=7b2275736572223a226c6c616d61222c22736964223a223938373635227d; Path=/; HttpOnly; Secure", setCookies[0])
+ require.Equal(t, "__Host-session=7b2275736572223a226c6c616d61222c22736964223a223938373635227d; Path=/; HttpOnly; Secure; SameSite=Lax", setCookies[0])
 // ClearCookie will add an entry with the cookie value cleared out
- require.Equal(t, "__Host-session=; Path=/; HttpOnly; Secure", setCookies[1])
+ require.Equal(t, "__Host-session=; Path=/; HttpOnly; Secure; SameSite=Lax", setCookies[1])
 }
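Review bot: The added `SameSite: http.SameSiteLaxMode` in SetCookie still lets browsers attach the `__Host-session` cookie on top-level cross-site GET navigations, so any handler that changes state or leaks data on a GET remains reachable with the victim's session; only cross-site POST, subresource and fetch/XHR requests lose the cookie. Strict would close that gap too, but it also drops the session when a user follows an external link into the app, so Lax is defensible as long as the trade-off is recorded next to the field, e.g. `// Lax (not Strict): blocks cross-site POST/subresource requests but keeps deep links into the app working; state-changing endpoints must therefore not be GET.` Setting the attribute explicitly also matters because not every browser defaults an unspecified cookie to Lax the way Chromium does. The identical attribute list (Path, HttpOnly, Secure, SameSite) is now duplicated in ClearCookie; SameSite is not part of the cookie's identity so deletion is unaffected, but a small shared constructor for the attribute set would stop the two call sites from drifting as they did before this change. Both function headers and SetCookie's closing brace lie outside the hunks shown.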