diff --git a/app/extensions.py b/app/extensions.py
index 872392b8..7694090a 100644
--- a/app/extensions.py
+++ b/app/extensions.py
@@ -5,4 +5,5 @@ from flask_sqlalchemy import SQLAlchemy
 db = SQLAlchemy()
 login_manager = LoginManager()
+login_manager.session_protection = "strong"
 migrate = Migrate(db=db)
diff --git a/server.py b/server.py
index 3f1ad13f..cb4fbec7 100644
--- a/server.py
+++ b/server.py
@@ -83,6 +83,9 @@ def create_app() -> Flask:
 # to avoid conflict with other cookie
 app.config["SESSION_COOKIE_NAME"] = "slapp"
+ if URL.startswith("https"):
+ app.config["SESSION_COOKIE_SECURE"] = True
+ app.config["SESSION_COOKIE_SAMESITE"] = "strict"
 init_extensions(app)
 register_blueprints(app)
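Review bot: The added `login_manager.session_protection = "strong"` line in app/extensions.py carries no comment on what the mode costs. For a non-permanent session, Flask-Login deletes the whole session, remember token included, whenever the client identifier (a hash of IP address and User-Agent) changes, so users on mobile networks or VPNs are logged out on each address change. Flask-Login reads the address from the `X-Forwarded-For` header when one is present, so the check is only as reliable as the proxy that sets that header; the deployment is not visible here. I would add a comment such as `# "strong": drop the session when the client IP/User-Agent hash changes; relies on the proxy overwriting X-Forwarded-For`.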
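Review bot: The cookie settings added in server.py harden only Flask's session cookie; the remember-me cookie that Flask-Login issues is governed by its own `REMEMBER_COOKIE_*` keys, which this hunk does not set. If remember-me is in use, add `app.config["REMEMBER_COOKIE_SECURE"] = True` under the same `if URL.startswith("https"):` and `app.config["REMEMBER_COOKIE_HTTPONLY"] = True` next to it. create_app starts and continues outside the hunk, so these keys may already be set elsewhere. Separately, a `"strict"` SameSite value withholds the session cookie on any navigation that arrives from another site (links in e-mail, OAuth or payment redirects), which deserves a one-line comment so the resulting logged-out landing is not later mistaken for a bug.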