diff --git a/htdocs/core/lib/security2.lib.php b/htdocs/core/lib/security2.lib.php
index 287a151f41c..8f19a273586 100644
--- a/htdocs/core/lib/security2.lib.php
+++ b/htdocs/core/lib/security2.lib.php
@@ -191,7 +191,23 @@ if (!function_exists('dol_loginfunction')) {
 		// and the conf file is loaded.
 		$prefix = dol_getprefix('');
 		$sessiontimeout = 'DOLSESSTIMEOUT_'.$prefix;
+
 		if (!empty($conf->global->MAIN_SESSION_TIMEOUT)) {
+			if (PHP_VERSION_ID < 70300) {
+				session_set_cookie_params(0, '/', null, ((empty($dolibarr_main_force_https) && isHTTPS() === false) ? false : true), true); // Add tag secure and httponly on session cookie (same as setting session.cookie_httponly into php.ini). Must be called before the session_start.
+			} else {
+				// Only available for php >= 7.3
+				$sessioncookieparams = array(
+					'lifetime' => 0,
+					'path' => '/',
+					//'domain' => '.mywebsite.com', // the dot at the beginning allows compatibility with subdomains
+					'secure' => ((empty($dolibarr_main_force_https) && isHTTPS() === false) ? false : true),
+					'httponly' => true,
+					'samesite' => 'Lax'	// None || Lax  || Strict
+				);
+				session_set_cookie_params($sessioncookieparams);
+			}
+
 			setcookie($sessiontimeout, $conf->global->MAIN_SESSION_TIMEOUT, 0, "/", null, (empty($dolibarr_main_force_https) ? false : true), true);
 		}