diff --git a/core/server/services/auth/session/express-session.js b/core/server/services/auth/session/express-session.js
index e415a75994..060d7c8a8e 100644
--- a/core/server/services/auth/session/express-session.js
+++ b/core/server/services/auth/session/express-session.js
@@ -23,7 +23,7 @@ function getExpressSessionMiddleware() {
 maxAge: constants.SIX_MONTH_MS,
 httpOnly: true,
 path: urlUtils.getSubdir() + '/ghost',
- sameSite: 'none',
+ sameSite: urlUtils.isSSL(config.get('url')) ? 'none' : 'lax',
 secure: urlUtils.isSSL(config.get('url'))
 }
 });
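Review bot: The `sameSite` and `secure` options each call `urlUtils.isSSL(config.get('url'))` on their own, although the two attributes must stay coupled, since browsers reject a `SameSite=None` cookie that lacks `Secure`. Computing it once, e.g. `const isSSL = urlUtils.isSSL(config.get('url'));` above the options, and then writing `sameSite: isSSL ? 'none' : 'lax',` and `secure: isSSL`, keeps them from drifting apart in a later edit. On HTTPS sites the cookie is still `SameSite=None`, so the browser attaches the admin session to cross-site requests and CSRF protection has to come from a separate check that is not visible in this hunk. A comment such as `// 'none' is required for <reason>; CSRF is covered by <check>` next to the option would record that dependency. The body of getExpressSessionMiddleware starts outside the hunk.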