diff --git a/server/cookie/cookie.go b/server/cookie/cookie.go
index efc8885..ba409f6 100644
--- a/server/cookie/cookie.go
+++ b/server/cookie/cookie.go
@@ -36,8 +36,9 @@ func SetSession(gc *gin.Context, sessionID string) {
 	// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
 	// https://github.com/gin-gonic/gin/blob/master/context.go#L86
 	// TODO add ability to sameSite = none / strict from dashboard
-	gc.SetSameSite(http.SameSiteLaxMode)
-
+	if !appCookieSecure {
+		gc.SetSameSite(http.SameSiteLaxMode)
+	}
 	// TODO allow configuring from dashboard
 	year := 60 * 60 * 24 * 365