diff --git a/src/main/java/org/olat/core/gui/control/winmgr/_content/serverpart.html b/src/main/java/org/olat/core/gui/control/winmgr/_content/serverpart.html index 8297a5e466b540b43a35d7de1b466548c6b4967f..84e7c87359243d2ef0d93253f87d286cd6cc6490 100644 --- a/src/main/java/org/olat/core/gui/control/winmgr/_content/serverpart.html +++ b/src/main/java/org/olat/core/gui/control/winmgr/_content/serverpart.html @@ -30,7 +30,7 @@ var timestampLastPoll = new Date().getTime(); // set timestamp cookie to inform other windows that they are outdated var sbtimestamp = new Date().getTime(); var sbcookie = 'OLAT-UI-TIMESTAMP'; -if (window.opener == null) document.cookie = sbcookie+'='+sbtimestamp+'; path=/'; +if (window.opener == null) document.cookie = sbcookie+'='+sbtimestamp+'; path=/; SameSite=strict'; ## starts an interval which checks every second whether to send an poll request based on ## the pollperiod or not 10 min after the last click the poll process stops diff --git a/src/main/java/org/olat/core/servlets/OpenOLATServlet.java b/src/main/java/org/olat/core/servlets/OpenOLATServlet.java index 618be5c9c82f18bef623a9b80ae92b4fca65237b..1c8f7c8faffa2dde509d403f4974cd65183dbc90 100644 --- a/src/main/java/org/olat/core/servlets/OpenOLATServlet.java +++ b/src/main/java/org/olat/core/servlets/OpenOLATServlet.java @@ -26,6 +26,7 @@ import java.util.Map; import javax.servlet.RequestDispatcher; import javax.servlet.ServletConfig; import javax.servlet.ServletException; +import javax.servlet.SessionCookieConfig; import javax.servlet.annotation.MultipartConfig; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; 
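Review bot: The rewritten `document.cookie` assignment for `OLAT-UI-TIMESTAMP` gains `SameSite=strict` but still carries no `Secure` attribute, so on an HTTPS deployment the cookie also travels on any plain-HTTP request to the same host. The value is only a timestamp, so the exposure is small. For consistency with the session-cookie change in OpenOLATServlet.java, the attribute could be appended when the page is served over TLS, e.g. `+ (window.location.protocol === 'https:' ? '; Secure' : '')`. A short comment such as `// SameSite=strict: marker cookie is only read by same-site windows` would record why the attribute is there.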
@@ -124,6 +125,12 @@ public class OpenOLATServlet extends HttpServlet { } } + if(Settings.isSecurePortAvailable()) { + SessionCookieConfig cookieConfig = servletConfig.getServletContext().getSessionCookieConfig(); + cookieConfig.setSecure(true); + cookieConfig.setHttpOnly(true); + } + //preload extensions ExtManager.getInstance().getExtensions(); AbstractSpringModule.printStats();
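Review bot: `cookieConfig.setHttpOnly(true)` sits inside the `if(Settings.isSecurePortAvailable())` branch, so an installation without a secure port keeps a session cookie that page scripts can read. HttpOnly does not depend on TLS; fetch the `SessionCookieConfig` and call `cookieConfig.setHttpOnly(true);` unconditionally, leaving only `cookieConfig.setSecure(true);` under the condition. The Servlet API documents that both setters throw `IllegalStateException` once the `ServletContext` has been initialized. Whether this init code always runs early enough depends on the container and the servlet's load-on-startup setting, which the hunk does not show (the enclosing method starts and ends outside it). The session cookie also gets no SameSite attribute here; `javax.servlet.SessionCookieConfig` has no setter for it, so that would have to come from container configuration.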