diff --git a/superset/config.py b/superset/config.py
index fe348a18d..79f723d45 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -655,6 +655,16 @@ TALISMAN_CONFIG = {
 "force_https_permanent": False,
 }
 
+#
+# Flask session cookie options
+#
+# See https://flask.palletsprojects.com/en/1.1.x/security/#set-cookie-options
+# for details
+#
+SESSION_COOKIE_HTTPONLY = True # Prevent cookie from being read by frontend JS?
+SESSION_COOKIE_SECURE = False # Prevent cookie from being transmitted over non-tls?
+SESSION_COOKIE_SAMESITE = "Lax" # One of [None, 'Lax', 'Strict']
+
 # URI to database storing the example data, points to
 # SQLALCHEMY_DATABASE_URI by default if set to `None`
 SQLALCHEMY_EXAMPLES_URI = None
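Review bot: `SESSION_COOKIE_SECURE = False` keeps a default under which the session cookie is also sent over plain HTTP, and its comment is phrased as a question, so an operator cannot tell from this file which value is the hardened one. I would state the intent outright, for example `SESSION_COOKIE_SECURE = False  # Set to True when served over HTTPS so the session cookie is never sent in clear text`, and turn the `SESSION_COOKIE_HTTPONLY` comment into a statement as well. The `SESSION_COOKIE_SAMESITE` comment lists `None` without saying that it is the Python value (the attribute is left unset) and not the string `"None"`, which is worth spelling out because the two behave differently in browsers.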