diff --git a/app.js b/app.js
index 4980d45d02..6925276def 100644
--- a/app.js
+++ b/app.js
@@ -69,7 +69,7 @@ app.use(morgan('combined', {
 }))
 // socket io
-var io = require('socket.io')(server)
+var io = require('socket.io')(server, {cookie: false})
 io.engine.ws = new (require('ws').Server)({
 noServer: true,
 perMessageDeflate: false
@@ -148,7 +148,8 @@ app.use(session({
 saveUninitialized: true, // always create session to ensure the origin
 rolling: true, // reset maxAge on every response
 cookie: {
- maxAge: config.sessionLife
+ maxAge: config.sessionLife,
+ sameSite: 'lax'
 },
 store: sessionStore
 }))
diff --git a/public/js/index.js b/public/js/index.js
index c736cb7f2c..bf39389d80 100644
--- a/public/js/index.js
+++ b/public/js/index.js
@@ -1632,7 +1632,8 @@ function toggleNightMode () {
 store.set('nightMode', !isActive)
 } else {
 Cookies.set('nightMode', !isActive, {
- expires: 365
+ expires: 365,
+ sameSite: 'Lax'
 })
 }
 }
diff --git a/public/js/lib/common/login.js b/public/js/lib/common/login.js
index 28e5b4703b..ca09431f91 100644
--- a/public/js/lib/common/login.js
+++ b/public/js/lib/common/login.js
@@ -19,11 +19,13 @@ export function resetCheckAuth () {
 export function setLoginState (bool, id) {
 Cookies.set('loginstate', bool, {
- expires: 365
+ expires: 365,
+ sameSite: 'Lax'
 })
 if (id) {
 Cookies.set('userid', id, {
- expires: 365
+ expires: 365,
+ sameSite: 'Lax'
 })
 } else {
 Cookies.remove('userid')
diff --git a/public/js/lib/editor/index.js b/public/js/lib/editor/index.js
index bb4679dcf8..634bfd66ed 100644
--- a/public/js/lib/editor/index.js
+++ b/public/js/lib/editor/index.js
@@ -414,12 +414,14 @@ export default class Editor {
 const setType = () => {
 if (this.editor.getOption('indentWithTabs')) {
 Cookies.set('indent_type', 'tab', {
- expires: 365
+ expires: 365,
+ sameSite: 'Lax'
 })
 type.text('Tab Size:')
 } else {
 Cookies.set('indent_type', 'space', {
- expires: 365
+ expires: 365,
+ sameSite: 'Lax'
 })
 type.text('Spaces:')
 }
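Review bot: The new `{cookie: false}` argument on the `require('socket.io')(server, …)` line carries no comment saying why the engine cookie is switched off. From the rest of the commit this looks like part of the SameSite cleanup (that cookie would otherwise be issued without a SameSite attribute), but the hunk does not say so, and a deployment that pins websocket clients to a backend through that cookie at a load balancer would lose the pinning. I would add `// no engine.io cookie: nothing here reads it, and it would be sent without SameSite` above the line, after confirming that no proxy configuration depends on it.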
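Review bot: The session `cookie` block gains `sameSite: 'lax'` but still sets no `secure` attribute, and express-session leaves `secure` off by default, so as far as this hunk shows the session id is also sent over plain HTTP. Adding `secure: 'auto'` (express-session then marks the cookie Secure on TLS connections; behind a TLS-terminating proxy this also needs `trust proxy`) or a config-driven boolean would close that. Lax still attaches the cookie to cross-site top-level GET navigations, so it complements rather than replaces CSRF protection on state-changing routes; a short comment beside the attribute would record that. The `session({ … })` call opens above the hunk.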
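Review bot: The option literal `{ expires: 365, sameSite: 'Lax' }` is spelled out at this `Cookies.set('nightMode', …)` call and again at every other `Cookies.set` in this commit (login.js, editor/index.js, locale.js), so the next call site added without it silently gets a cookie with no SameSite attribute. A single shared constant, for example `const COOKIE_OPTIONS = { expires: 365, sameSite: 'Lax' }` exported from a common module and passed as `Cookies.set('nightMode', !isActive, COOKIE_OPTIONS)`, keeps the policy in one place. `toggleNightMode` starts above the hunk.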
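Review bot: `setLoginState` writes `loginstate` and `userid` from page script, so neither cookie can be HttpOnly and any script running on the origin can read or overwrite them; the function has no comment saying what they may be trusted for. I would add `// UI hints only: authorization comes from the server session, never from these cookies` above the first `Cookies.set`, and confirm that no server route reads either value. The function's closing lines are outside the hunk.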
@@ -430,11 +432,13 @@ export default class Editor {
 var unit = this.editor.getOption('indentUnit')
 if (this.editor.getOption('indentWithTabs')) {
 Cookies.set('tab_size', unit, {
- expires: 365
+ expires: 365,
+ sameSite: 'Lax'
 })
 } else {
 Cookies.set('space_units', unit, {
- expires: 365
+ expires: 365,
+ sameSite: 'Lax'
 })
 }
 widthLabel.text(unit)
@@ -502,7 +506,8 @@ export default class Editor {
 const setKeymapLabel = () => {
 var keymap = this.editor.getOption('keyMap')
 Cookies.set('keymap', keymap, {
- expires: 365
+ expires: 365,
+ sameSite: 'Lax'
 })
 label.text(keymap)
 this.restoreOverrideEditorKeymap()
@@ -537,7 +542,8 @@ export default class Editor {
 const setTheme = theme => {
 this.editor.setOption('theme', theme)
 Cookies.set('theme', theme, {
- expires: 365
+ expires: 365,
+ sameSite: 'Lax'
 })
 this.statusIndicators.find('.status-theme li').removeClass('active')
 this.statusIndicators.find(`.status-theme li[value="${theme}"]`).addClass('active')
@@ -639,7 +645,8 @@ export default class Editor {
 spellcheckToggle.removeClass('active')
 Cookies.set('spellcheck', false, {
- expires: 365
+ expires: 365,
+ sameSite: 'Lax'
 })
 self.editor.setOption('mode', defaultEditorMode)
@@ -647,7 +654,8 @@ export default class Editor {
 spellcheckToggle.addClass('active')
 Cookies.set('spellcheck', lang, {
- expires: 365
+ expires: 365,
+ sameSite: 'Lax'
 })
 self.editor.setOption('mode', 'spell-checker')
@@ -668,7 +676,8 @@ export default class Editor {
 this.editor.setOption('gutters', [lintGutter, ...gutters])
 }
 Cookies.set('linter', true, {
- expires: 365
+ expires: 365,
+ sameSite: 'Lax'
 })
 } else {
 this.editor.setOption('gutters', gutters.filter(g => g !== lintGutter))
@@ -717,7 +726,8 @@ export default class Editor {
 )
 if (overrideBrowserKeymap.is(':checked')) {
 Cookies.set('preferences-override-browser-keymap', true, {
- expires: 365
+ expires: 365,
+ sameSite: 'Lax'
 })
 this.restoreOverrideEditorKeymap()
 } else {
diff --git a/public/js/locale.js b/public/js/locale.js
index 71c0f99fb5..a782236ff6 100644
--- a/public/js/locale.js
+++ b/public/js/locale.js
@@ -25,7 +25,8 @@ $('select.ui-locale option[value="' + lang + '"]').attr('selected', 'selected')
 locale.change(function () {
 Cookies.set('locale', $(this).val(), {
- expires: 365
+ expires: 365,
+ sameSite: 'Lax'
 })
 window.location.reload()
 })