diff --git a/src/callback.ts b/src/callback.ts
index 1ef8823..1359392 100644
--- a/src/callback.ts
+++ b/src/callback.ts
@@ -72,13 +72,15 @@ export const createSfAuthCallbackRoute = (
 
     response.cookies.set(cookieNames.userId, userId, {
       httpOnly: true,
-      sameSite: "lax",
+      sameSite: "strict",
+      secure: true,
       path: "/"
     });
 
     response.cookies.set(cookieNames.username, username, {
       httpOnly: true,
-      sameSite: "lax",
+      sameSite: "strict",
+      secure: true,
       path: "/"
     });