diff --git a/config/application-example.yml b/config/application-example.yml
index f54557828..caedd83cc 100644
--- a/config/application-example.yml
+++ b/config/application-example.yml
@@ -129,3 +129,5 @@ payments_lhv_seller_private: 'kaupmees_priv.pem'
 payments_lhv_seller_account: 'testvpos'
 
 user_session_timeout: '3600' # 1 hour
+secure_session_cookies: 'false' # true|false
+same_site_session_cookies: 'false' # false|strict|lax
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index 480996245..d063123a4 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -1,3 +1,9 @@
 # Be sure to restart your server when you modify this file.
 
-Rails.application.config.session_store :cookie_store, key: '_registry_session'
+secure_cookies = ENV['secure_session_cookies'] == 'true'
+same_site_cookies = ENV['same_site_session_cookies'] != 'false' ? ENV['same_site_session_cookies'].to_sym : false
+
+Rails.application.config.session_store :cookie_store,
+                                       key: '_registry_session',
+                                       secure: secure_cookies,
+                                       same_site: same_site_cookies