diff --git a/server/cookie/cookie.go b/server/cookie/cookie.go
index 27b0579..5bb1996 100644
--- a/server/cookie/cookie.go
+++ b/server/cookie/cookie.go
@@ -29,10 +29,16 @@ func SetSession(gc *gin.Context, sessionID string) {
 domain = "." + domain
 }
+ // Use sameSite = lax by default
+ // For more information check:
+ // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
+ // https://github.com/gin-gonic/gin/blob/master/context.go#L86
+ // TODO add ability to sameSite = none / strict from dashboard
+ gc.SetSameSite(http.SameSiteLaxMode)
+
 // TODO allow configuring from dashboard
 year := 60 * 60 * 24 * 365
- gc.SetSameSite(http.SameSiteNoneMode)
 gc.SetCookie(constants.AppCookieName+"_session", sessionID, year, "/", host, secure, httpOnly)
 gc.SetCookie(constants.AppCookieName+"_session_domain", sessionID, year, "/", domain, secure, httpOnly)
 }
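Review bot: The new comment block above `gc.SetSameSite(http.SameSiteLaxMode)` cites `https://github.com/gin-gonic/gin/blob/master/context.go#L86`, a line number on a moving branch that will stop pointing at SetSameSite as soon as that file changes; pin the link to a tag or commit, or drop the line fragment. The comment also says what is set but not what Lax costs: browsers withhold a Lax cookie on cross-site subrequests (fetch/XHR, iframes) and on cross-site POSTs, so a client on another origin calling this server with credentials will appear unauthenticated — worth stating next to the TODO, e.g. `// Lax: not sent on cross-site subrequests or cross-site POST; cross-origin clients need sameSite=none together with secure`. The call must stay ahead of both SetCookie calls, as it is here, because gin applies the mode when each cookie is written, so a comment pinning that ordering would also help. SetSession's body starts before this hunk; `host`, `secure` and `httpOnly` are defined outside it.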