diff --git a/docs/NEWS b/docs/NEWS
index ba85de02..739abb74 100644
--- a/docs/NEWS
+++ b/docs/NEWS
@@ -58,6 +58,9 @@ Version 2.1 ()
 Version 2.0.2 ()
 ------------------------------------------------------------------------
+ * Use "secure" flag for (session) cookies sent over SSL, thanks to
+ dayton967
+
 * Make preview_iframe.tpl template files load the proper frontend CSS file, including cache-busting version string when changing themes
diff --git a/serendipity_config.inc.php b/serendipity_config.inc.php
index fa01e36b..dca9507b 100644
--- a/serendipity_config.inc.php
+++ b/serendipity_config.inc.php
@@ -10,6 +10,9 @@ if (defined('S9Y_FRAMEWORK')) {
 if (!headers_sent() && php_sapi_name() !== 'cli') {
 // Only set the session name, if no session has yet been issued.
 if (session_id() == '') {
+ $cookieParams = session_get_cookie_params();
+ $cookieParams['secure'] = (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' ? true : false);
+ session_set_cookie_params($cookieParams['lifetime'], $cookieParams['path'], $cookieParams['domain'], $cookieParams['secure'], $cookieParams['httponly']);
 session_name('s9y_' . md5(dirname(__FILE__)));
 session_start();
 }
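Review bot: The `secure` decision in the added `$cookieParams['secure'] = …` line only recognises `$_SERVER['HTTPS']` when it equals `on`, but PHP documents that variable as any non-empty value under HTTPS (and `off` on some IIS setups), so a server reporting `1` would still issue the session cookie without the Secure attribute. A check that fails towards the flag being set is `$cookieParams['secure'] = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';`, which also drops the redundant `? true : false`. If TLS is terminated at a reverse proxy, `$_SERVER['HTTPS']` is presumably unset on the backend and the flag stays off; nothing in this hunk accounts for that, so it deserves a comment or a configurable override. The `httponly` value is passed through from the ini default rather than forced to `true`, which leaves the session cookie readable by script unless `session.cookie_httponly` is enabled. The enclosing `if (!headers_sent() …)` block closes outside the hunk.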