Index: openacs-4/packages/acs-tcl/tcl/security-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/security-procs.tcl,v diff -u -N -r1.126.2.3 -r1.126.2.4 --- openacs-4/packages/acs-tcl/tcl/security-procs.tcl 15 Feb 2019 16:27:01 -0000 1.126.2.3 +++ openacs-4/packages/acs-tcl/tcl/security-procs.tcl 17 Feb 2019 12:19:29 -0000 1.126.2.4 @@ -1414,6 +1414,7 @@ {-path "/"} {-secret ""} {-token_id ""} + {-samesite strict} name value } { @@ -1469,6 +1470,7 @@ -max_age $max_age \ -domain $domain \ -path $path \ + -samesite $samesite \ $name $data } Index: openacs-4/packages/acs-tcl/tcl/utilities-procs-aolserver.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/utilities-procs-aolserver.tcl,v diff -u -N -r1.6 -r1.6.2.1 --- openacs-4/packages/acs-tcl/tcl/utilities-procs-aolserver.tcl 22 Jul 2018 08:20:28 -0000 1.6 +++ openacs-4/packages/acs-tcl/tcl/utilities-procs-aolserver.tcl 17 Feb 2019 12:19:29 -0000 1.6.2.1 @@ -132,6 +132,7 @@ {-path "/"} {-discard f} {-scriptable t} + {-samesite none} name {value ""} } { Index: openacs-4/packages/acs-tcl/tcl/utilities-procs-naviserver.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/utilities-procs-naviserver.tcl,v diff -u -N -r1.4 -r1.4.2.1 --- openacs-4/packages/acs-tcl/tcl/utilities-procs-naviserver.tcl 20 Dec 2018 18:14:55 -0000 1.4 +++ openacs-4/packages/acs-tcl/tcl/utilities-procs-naviserver.tcl 17 Feb 2019 12:19:29 -0000 1.4.2.1 
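Review bot: In security-procs.tcl (hunk at -1414), the new `{-samesite strict}` default switches every existing caller of this signed-cookie proc to SameSite=Strict without opting in, and the hunk at -1469 forwards the value unchecked via `-samesite $samesite \`. If the session or login cookies are set through this proc (not visible here), they stop accompanying top-level navigations that arrive from other sites, so please confirm that is intended and state it in the proc documentation. I would add a doc line such as `@param samesite SameSite attribute of the cookie (strict|lax|none); none omits the attribute`. I would also reject anything else before the call: `if {$samesite ni {strict lax none}} { error "invalid -samesite value '$samesite'" }`. The proc body starts and ends outside both hunks.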
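Review bot: In utilities-procs-aolserver.tcl (hunk at -132), `{-samesite none}` is added to the signature but no hunk in this file uses `$samesite`, so on AOLserver the flag appears to be accepted and then silently dropped. That includes the `strict` that the signed-cookie proc in security-procs.tcl now passes by default, so callers would assume a cross-site protection the cookie does not carry. If the body assembles the Set-Cookie value itself (it lies outside the hunk), append the attribute there when `$samesite ne "none"`. Otherwise say so at the parameter, e.g. `# -samesite is accepted for API compatibility only; no SameSite attribute is emitted on AOLserver`.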
@@ -13,6 +13,14 @@ return } +# +# If the server supports samesite cookie, set the samesite as provided. +# +try { ns_setcookie } on error {r} { + set ::acs::serverSupports(samesiteCookie) [string match "*-samesite*" $r] +} + + #------------------------------------------------------------------------- # NaviServer implementation of ad_url(en|de)code* procs #------------------------------------------------------------------------- @@ -102,7 +110,8 @@ {-domain ""} {-path "/"} {-discard f} - {-scriptable t} + {-scriptable t} + {-samesite none} name {value ""} } { @@ -162,8 +171,13 @@ } } + if {$samesite ne "none" && $::acs::serverSupports(samesiteCookie)} { + set samesiteFlag "-samesite $samesite" + } else { + set samesiteFlag "" + } ns_setcookie -discard $discard -domain $domain -expires $expire -path $path \ - -replace $replace -scriptable $scriptable -secure $secure -- \ + -replace $replace -scriptable $scriptable -secure $secure {*}$samesiteFlag -- \ $name $value }
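Review bot: In utilities-procs-naviserver.tcl (hunk at -13), `::acs::serverSupports(samesiteCookie)` is assigned only inside the `on error` branch. If the bare `ns_setcookie` call ever returns without an error, the variable stays unset and the later test `$samesite ne "none" && $::acs::serverSupports(samesiteCookie)` (hunk at -162) fails with "can't read" for every cookie that requests a samesite value. Set the default before the probe, `set ::acs::serverSupports(samesiteCookie) 0`, and let the handler overwrite it. The probe also depends on the wording of the usage message, which deserves a comment such as `# detection relies on "-samesite" appearing in the usage error of ns_setcookie`.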
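Review bot: In the hunk at -162, `set samesiteFlag "-samesite $samesite"` builds the option as a string and `{*}$samesiteFlag` then re-parses it as a list, so a value containing whitespace expands into extra words placed before the `--` and is read by ns_setcookie as further options. Build it as a list, `set samesiteFlag [list -samesite $samesite]`, and restrict the value first with `if {$samesite ni {strict lax none}} { error "invalid -samesite value '$samesite'" }`. When the server lacks support, the requested attribute is dropped without a trace; a one-time `ns_log warning` in the else branch would make that downgrade visible to operators. The proc body begins outside the hunk.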