diff --git a/app.js b/app.js
index 265eb475d..c65b84835 100644
--- a/app.js
+++ b/app.js
@@ -140,7 +140,8 @@ app.use(session({
   rolling: true, // reset maxAge on every response
   cookie: {
     maxAge: config.sessionLife,
-    sameSite: 'strict'
+    sameSite: 'strict',
+    secure: config.useSSL || config.protocolUseSSL || false
   },
   store: sessionStore
 }))