diff --git a/config-templates/config.php b/config-templates/config.php
index 209137dc9178628d8353638ef2b0b0993b27b06a..65f9c1fe15f8b9a2f315ac3495c1d7c23bcd8577 100644
--- a/config-templates/config.php
+++ b/config-templates/config.php
@@ -656,6 +656,8 @@ $config = array(
     'language.cookie.name' => 'language',
     'language.cookie.domain' => null,
     'language.cookie.path' => '/',
+    'language.cookie.secure' => false,
+    'language.cookie.httponly' => false,
     'language.cookie.lifetime' => (60 * 60 * 24 * 900),
 
     /*
diff --git a/lib/SimpleSAML/Locale/Language.php b/lib/SimpleSAML/Locale/Language.php
index 43fae43e39cd1f140c49659a08c469c2e9984656..939bcba355a429c2fa6fb6850fa1a182dcbec26a 100644
--- a/lib/SimpleSAML/Locale/Language.php
+++ b/lib/SimpleSAML/Locale/Language.php
@@ -412,7 +412,8 @@ class Language
             'lifetime' => ($config->getInteger('language.cookie.lifetime', 60 * 60 * 24 * 900)),
             'domain'   => ($config->getString('language.cookie.domain', null)),
             'path'     => ($config->getString('language.cookie.path', '/')),
-            'httponly' => false,
+            'secure'   => ($config->getBoolean('language.cookie.secure', false)),
+            'httponly' => ($config->getBoolean('language.cookie.httponly', false)),
         );
 
         HTTP::setCookie($name, $language, $params, false);