diff --git a/src/Microsoft.AspNetCore.Session/SessionMiddleware.cs b/src/Microsoft.AspNetCore.Session/SessionMiddleware.cs
index a9160e4a67..8dda333a7d 100644
--- a/src/Microsoft.AspNetCore.Session/SessionMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Session/SessionMiddleware.cs
@@ -153,6 +153,7 @@ namespace Microsoft.AspNetCore.Session
var cookieOptions = new CookieOptions
{
Domain = _options.CookieDomain,
+ SameSite = _options.SameSiteMode,
HttpOnly = _options.CookieHttpOnly,
Path = _options.CookiePath ?? SessionDefaults.CookiePath,
};
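Review bot: The session cookie's `Secure` handling is not visible here — the `CookieOptions` initializer and the enclosing method continue past this hunk — so it is worth confirming that the new `SameSite` assignment sits alongside the existing `CookieSecure` policy rather than replacing it; SameSite limits which requests carry the cookie but offers nothing on a plaintext connection. Because `_options.SameSiteMode` defaults to `Lax`, the session cookie will from now on be withheld from cross-site POST requests, which is a behaviour change for existing applications that complete a flow through a cross-site form post and is worth a sentence in the commit description. A short why-comment on the added line would make the intent clear to the next reader, e.g. `// Lax by default: the session cookie is not sent on cross-site POSTs (CSRF mitigation).`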
diff --git a/src/Microsoft.AspNetCore.Session/SessionOptions.cs b/src/Microsoft.AspNetCore.Session/SessionOptions.cs
index a025b60932..b4f0a7aa2a 100644
--- a/src/Microsoft.AspNetCore.Session/SessionOptions.cs
+++ b/src/Microsoft.AspNetCore.Session/SessionOptions.cs
@@ -36,6 +36,12 @@ namespace Microsoft.AspNetCore.Builder
///
public bool CookieHttpOnly { get; set; } = true;
+ ///
+ /// Determines if the browser should allow the cookie to be attached to same-site or cross-site requests. The
+ /// default is Lax, which means the cookie is allowed to be attached to same-site and safe cross-site requests.
+ ///
+ public SameSiteMode SameSiteMode { get; set; } = SameSiteMode.Lax;
+
///
/// Determines if the cookie should only be transmitted on HTTPS requests.
///
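Review bot: The new summary documents only the `Lax` default; a reader choosing a value also needs to know what `SameSiteMode.Strict` and `SameSiteMode.None` mean for the session cookie, so extend it with a sentence such as `Strict withholds the cookie from every cross-site request; None applies no same-site restriction.` As a point of style, the property is named after its type (`SameSiteMode SameSiteMode`), which is legal but reads awkwardly at call sites and in `<see cref>` references, and the neighbouring cookie settings in this class (`CookieHttpOnly`, `CookiePath`, `CookieDomain`) all carry a `Cookie` prefix; `CookieSameSite` would be consistent with them. The hunk appears to have lost one blank context line in extraction, so the exact placement of the new member relative to the `CookieSecure` summary is inferred.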