diff --git a/roles/anitya/frontend/templates/anitya.cfg b/roles/anitya/frontend/templates/anitya.cfg
index e0c0fba96a..20ec9bec8d 100644
--- a/roles/anitya/frontend/templates/anitya.cfg
+++ b/roles/anitya/frontend/templates/anitya.cfg
@@ -24,3 +24,5 @@ ANITYA_WEB_FEDORA_OPENID = 'https://id.fedoraproject.org'
 
 # This is required to fix login
 PREFERRED_URL_SCHEME='https'
+# Make browsers send session cookie only via HTTPS
+SESSION_COOKIE_SECURE=True
diff --git a/roles/mirrormanager/frontend2/templates/mirrormanager2.cfg b/roles/mirrormanager/frontend2/templates/mirrormanager2.cfg
index a56ddf9587..a792d31d81 100644
--- a/roles/mirrormanager/frontend2/templates/mirrormanager2.cfg
+++ b/roles/mirrormanager/frontend2/templates/mirrormanager2.cfg
@@ -23,7 +23,8 @@ SECRET_KEY = '{{ mirrormanager_secret_key }}'
 # This should be kept really secret!
 PASSWORD_SEED = "{{ mirrormanager_password_seed }}"
 
-
+# Make browsers send session cookie only via HTTPS
+SESSION_COOKIE_SECURE=True
 
 ###
 # Other configuration items for the web-app