diff --git a/config/session.php b/config/session.php
index 38e01099230..faddaf11e04 100644
--- a/config/session.php
+++ b/config/session.php
@@ -150,4 +150,20 @@
 
 	'secure' => false,
 
+    /*
+    |--------------------------------------------------------------------------
+    | Same-Site Cookies
+    |--------------------------------------------------------------------------
+    |
+    | This option determines how your cookies behave when cross-site requests
+    | take place, and can be used to mitigate CSRF attacks. By default, we
+    | do not enable this as other CSRF protection services are in place.
+    |
+    | Supported: "lax", "strict"
+    |
+    */
+
+    'same_site' => "lax",
+
+
 ];