diff --git a/htdocs/conf/conf.php.example b/htdocs/conf/conf.php.example
index a742c5c45fd..32c37301a0e 100644
--- a/htdocs/conf/conf.php.example
+++ b/htdocs/conf/conf.php.example
@@ -218,7 +218,7 @@ $dolibarr_main_authentication='dolibarr';
 // 0 = No forced redirect
 // 1 = Force redirect to https, until SCRIPT_URI start with https into response
 // 2 = Force redirect to https, until SERVER["HTTPS"] is 'on' into response
-// 'https://my.domain.com' = Force reditect to https using this domain name.
+// 'https://my.domain.com' = Force redirect to https using this domain name.
 // Warning: If you enable this parameter, your web server must be configured to
 // respond URL with https protocol.
 // According to your web server setup, some values may works and other not. Try
@@ -226,7 +226,7 @@ $dolibarr_main_authentication='dolibarr';
 // Default value: 0
 // Possible values: 0, 1, 2 or 'https://my.domain.com'
 // Examples:
-// $dolibarr_main_force_https='0';
+// $dolibarr_main_force_https='1';
 //
 $dolibarr_main_force_https='0';
 
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 1cea53ae2a7..444d541cd98 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -210,7 +210,7 @@ $sessionname = 'DOLSESSID_'.$prefix;
 $sessiontimeout = 'DOLSESSTIMEOUT_'.$prefix;
 if (!empty($_COOKIE[$sessiontimeout])) ini_set('session.gc_maxlifetime', $_COOKIE[$sessiontimeout]);
 session_name($sessionname);
-session_set_cookie_params(0, '/', null, false, true); // Add tag httponly on session cookie (same as setting session.cookie_httponly into php.ini). Must be called before the session_start.
+session_set_cookie_params(0, '/', null, (empty($dolibarr_main_force_https) ? false : true), true); // Add tag secure and httponly on session cookie (same as setting session.cookie_httponly into php.ini). Must be called before the session_start.
 // This create lock, released when session_write_close() or end of page.
 // We need this lock as long as we read/write $_SESSION ['vars']. We can remove lock when finished.
 if (!defined('NOSESSION'))
@@ -625,7 +625,7 @@ if (!defined('NOLOGIN'))
 			dol_syslog('User not found, connexion refused');
 			session_destroy();
 			session_name($sessionname);
-			session_set_cookie_params(0, '/', null, false, true); // Add tag httponly on session cookie
+			session_set_cookie_params(0, '/', null, (empty($dolibarr_main_force_https) ? false : true), true); // Add tag secure and httponly on session cookie
 			session_start();
 
 			if ($resultFetchUser == 0)
@@ -682,7 +682,7 @@ if (!defined('NOLOGIN'))
 			dol_syslog("Can't load user even if session logged. _SESSION['dol_login']=".$login, LOG_WARNING);
 			session_destroy();
 			session_name($sessionname);
-			session_set_cookie_params(0, '/', null, false, true); // Add tag httponly on session cookie
+			session_set_cookie_params(0, '/', null, (empty($dolibarr_main_force_https) ? false : true), true); // Add tag secure and httponly on session cookie
 			session_start();
 
 			if ($resultFetchUser == 0)