diff --git a/application/config/config.php b/application/config/config.php
index 1f9e406b0..3518bf1ee 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -437,7 +437,7 @@ $config['sess_regenerate_destroy'] = FALSE;
 $config['cookie_prefix'] = '';
 $config['cookie_domain'] = '';
 $config['cookie_path'] = '/';
-$config['cookie_secure'] = FALSE;
+$config['cookie_secure'] = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on';
 $config['cookie_httponly'] = TRUE;
 /*
diff --git a/application/core/MY_Security.php b/application/core/MY_Security.php
index 4f0141286..f962c6f73 100644
--- a/application/core/MY_Security.php
+++ b/application/core/MY_Security.php
@@ -19,19 +19,29 @@ class MY_Security extends CI_Security
 return FALSE;
 }
+ $path = config_item('cookie_path');
+
 if (PHP_VERSION_ID < 70300) {
+
+ if (is_https())
+ {
+ $path .= '; samesite=strict';
+ }
+
 setcookie($this->_csrf_cookie_name, $this->_csrf_hash, $expire,
- config_item('cookie_path'). '; samesite=strict',
+ $path,
 config_item('cookie_domain'), $secure_cookie, FALSE);
 } else {
+ $samesite = is_https() ? 'None' : 'Strict';
+
 setcookie($this->_csrf_cookie_name, $this->_csrf_hash,
- ['samesite' => 'Strict',
+ ['samesite' => $samesite,
 'secure' => $secure_cookie,
 'expires' => $expire,
 'path' => config_item('cookie_path'),
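Review bot: The new `cookie_secure` expression on the `+` line of the config.php hunk only consults `$_SERVER['HTTPS']`, so behind a TLS-terminating proxy or load balancer (where that variable is usually absent and only a forwarded-proto header indicates HTTPS) the session cookie is still issued without the Secure flag, which is the deployment the old hard-coded `FALSE` already got wrong. The second file in this diff already relies on `is_https()`, which in CodeIgniter 3 also looks at `HTTP_X_FORWARDED_PROTO` and `HTTP_FRONT_END_HTTPS`; if that helper is defined by the time config.php is read (Common.php appears to declare it before `get_config()` loads this file, but confirm), `$config['cookie_secure'] = is_https();` keeps the two files consistent. If the superglobal check is kept, prefer the strict, case-insensitive form the framework itself uses, `$config['cookie_secure'] = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';`, since some SAPIs reportedly set the variable to `'1'` or `'off'` rather than `'on'` and the loose `==` is a style flag on its own. Whichever form is chosen, a forwarded-proto header should only be trusted when the proxy is known to overwrite client-supplied copies, otherwise a client can influence the flag.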