diff --git a/TES/tes/apiendpoints.py b/TES/tes/apiendpoints.py
index 76c8f34930404cc968d1d7d6c02a31870e93fd18..16f401c9eeead4d146970aa43ba8c0fe7958a8ff 100644
--- a/TES/tes/apiendpoints.py
+++ b/TES/tes/apiendpoints.py
@@ -475,7 +475,7 @@ class CreateTunnel(Resource):
                    localbind=localbind, authtok=authtok)
         response = make_response("")
         response.mime_type = 'application/json'
-        response.set_cookie('twsproxyauth', authtok, httponly=True)
+        response.set_cookie('twsproxyauth', authtok, httponly=True,samesite='Strict')
         logger.debug('JobConnect.connect: connecting via redirect with cookie authtok set to  {}'.format(authtok))
         return response
 
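Review bot: The `twsproxyauth` cookie set in `CreateTunnel` still lacks the `Secure` attribute, so the token would travel in cleartext if the endpoint is ever reached without TLS. Assuming the service is served over HTTPS, the call could read `response.set_cookie('twsproxyauth', authtok, httponly=True, secure=True, samesite='Strict')`. The same gap applies to the hand-built `twsproxyauth2` header in TWS/twsproxy/__init__.py, where `; Secure` would be appended to the attribute list. Separately, the `logger.debug` call on the next line writes the token value into the log, which undoes part of what HttpOnly protects; `logger.debug('JobConnect.connect: connecting via redirect with cookie authtok set')` keeps the trace without the secret. The enclosing method starts outside the hunk.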
diff --git a/TWS/twsproxy/__init__.py b/TWS/twsproxy/__init__.py
index da43556f07c09758505dd229048c3b9d204eec69..23cf9d758038c991a7666e860bb3c791385e70aa 100644
--- a/TWS/twsproxy/__init__.py
+++ b/TWS/twsproxy/__init__.py
@@ -94,7 +94,7 @@ class TWSProxy(threading.Thread):
         initshutdown.clear()
         (header, bytessofar) = self.inittws(initshutdown)
         if self.authtok is not None:
-            replyheader = b'Set-Cookie: twsproxyauth2='+self.authtok+b' ; HttpOnly\r\n'
+            replyheader = b'Set-Cookie: twsproxyauth2='+self.authtok+b' ; HttpOnly; SameSite=Strict\r\n'
         else:
             replyheader = None
         insertafter = b'HTTP/1.1 200 OK\r\n'
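Review bot: `self.authtok` is concatenated into the raw `Set-Cookie` line with no check that it holds only cookie-safe bytes, so a token containing `;`, CR or LF would change the cookie attributes or split the header. Where the token comes from is not visible in this hunk. If it is not guaranteed to be, say, hex or URL-safe base64, a guard before building `replyheader` would make the assumption explicit, for example `if any(c in self.authtok for c in (b';', b'\r', b'\n')): raise ValueError('authtok is not cookie-safe')`. A one-line comment stating the expected token alphabet would also help the next reader. The enclosing method begins above the hunk and continues past it.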