diff --git a/bundles/CoreBundle/Resources/config/pimcore/default.yml b/bundles/CoreBundle/Resources/config/pimcore/default.yml
index 23a52337694..67bc98e317c 100644
--- a/bundles/CoreBundle/Resources/config/pimcore/default.yml
+++ b/bundles/CoreBundle/Resources/config/pimcore/default.yml
@@ -19,6 +19,7 @@ framework:
 # http://symfony.com/doc/current/reference/configuration/framework.html#handler-id
 # use the native PHP session mechanism
 handler_id: null
+ cookie_samesite: 'strict'
 php_errors:
 log: true
 assets: ~
diff --git a/doc/Development_Documentation/23_Installation_and_Upgrade/09_Upgrade_Notes/README.md b/doc/Development_Documentation/23_Installation_and_Upgrade/09_Upgrade_Notes/README.md
index ee8bf75c433..ed35e070fc8 100644
--- a/doc/Development_Documentation/23_Installation_and_Upgrade/09_Upgrade_Notes/README.md
+++ b/doc/Development_Documentation/23_Installation_and_Upgrade/09_Upgrade_Notes/README.md
@@ -29,6 +29,14 @@ services:
 - Pimcore\Security\Encoder\PasswordFieldEncoder
 - ['password']
 ```
+- [Session] Default setting for `framework.session.cookie_samesite` changed to `strict`. For more information about the possible impact on your project, please have a look at the [docs of set-cookie](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite). If you prefer to stay on the old session cookie behavior, please add the following to your project configuration:
+```yaml
+framework:
+ session:
+ cookie_samesite: 'lax'
+```
 ## 10.0.0
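Review bot: The new `cookie_samesite: 'strict'` default means the browser withholds the session cookie on every cross-site request, including top-level navigations such as a user opening a link to the site from an email or another domain, who then arrives without their session; any SSO, payment or other redirect-based flow that returns to the site from a third-party origin is affected the same way. The new line carries no comment explaining that trade-off, unlike the surrounding `handler_id` lines, so I would add directly above it `# SameSite=Strict: the session cookie is not sent on any cross-site request (including top-level navigations); set to 'lax' to restore the previous behaviour, see the upgrade notes`. SameSite is defence in depth only, so the existing CSRF token protection on forms should stay in place rather than being relied on less because of this setting. The enclosing `session:` mapping starts above the hunk, so I am assuming from the neighbouring `handler_id` key that the new line lands inside it rather than directly under `framework:`.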