diff --git a/httpsso/handler.go b/httpsso/handler.go
index 42848210991ca4530ed7749172af07daa0c9c7dc..5387c0349213b1d377e1e03c29511ed6208c13bf 100644
--- a/httpsso/handler.go
+++ b/httpsso/handler.go
@@ -149,6 +149,7 @@ func (s *SSOWrapper) handleLogin(w http.ResponseWriter, req *http.Request, servi
 	cookie.MaxAge = -1
 	cookie.Value = ""
 	cookie.SameSite = s.SameSite
+	cookie.Secure = true
 	http.SetCookie(w, cookie)
 
 	tkt, err := s.v.Validate(t, nonce, service, groups)