diff --git a/config-templates/config.php b/config-templates/config.php
index 4e0ca044c7a152d26f6ae530011d5292e7e1bee6..f4105766f73a6db15ba1f5e153fe154ebd2c402a 100644
--- a/config-templates/config.php
+++ b/config-templates/config.php
@@ -144,6 +144,16 @@ $config = array (
 	 */
 	'session.datastore.timeout' => (4*60*60), // 4 hours
 	
+
+	/*
+	 * Set the secure flag in the cookie.
+	 *
+	 * Set this to TRUE if the user only accesses your service
+	 * through https. If the user can access the service through
+	 * both http and https, this must be set to FALSE.
+	 */
+	'session.cookie.secure' => FALSE,
+
 	/*
 	 * Options to override the default settings for php sessions.
 	 */
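Review bot: The new comment on `session.cookie.secure` says when to pick each value but not what each one costs, which is what an administrator needs in order to choose. I would add to the comment block: `With FALSE, browsers also send the session cookie over unencrypted http.` and `With TRUE, browsers do not return the cookie over http, so http requests will not see the session.` The second sentence follows from standard cookie semantics, not from code visible in this diff, so it should be checked against the handlers. The extra blank `+` line before the comment block looks unintended.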
diff --git a/lib/SimpleSAML/SessionHandlerCookie.php b/lib/SimpleSAML/SessionHandlerCookie.php
index 83a46231591b338277c7f36cb900d7363dd1c6ac..0ced9a384e0e1a3543564ded26581bff227b38b8 100644
--- a/lib/SimpleSAML/SessionHandlerCookie.php
+++ b/lib/SimpleSAML/SessionHandlerCookie.php
@@ -44,30 +44,10 @@ extends SimpleSAML_SessionHandler {
 
 		/* We don't have a valid session. Create a new session id. */
 		$this->session_id = self::createSessionID();
-		setcookie('SimpleSAMLSessionID', $this->session_id, 0, '/',
-			NULL, self::secureCookie());
-	}
-
-
-	/**
-	 * This function checks if we should set a secure cookie.
-	 *
-	 * @return TRUE if the cookie should be secure, FALSE otherwise.
-	 */
-	private static function secureCookie() {
-
-		if(!array_key_exists('HTTPS', $_SERVER)) {
-			/* Not a https-request. */
-			return FALSE;
-		}
-
-		if($_SERVER['HTTPS'] === 'off') {
-			/* IIS with HTTPS off. */
-			return FALSE;
-		}
 
-		/* Otherwise, HTTPS will be a non-empty string. */
-		return $_SERVER['HTTPS'] !== '';
+		$config = SimpleSAML_Configuration::getInstance();
+		$secureFlag = $config->getBoolean('session.cookie.secure', FALSE);
+		setcookie('SimpleSAMLSessionID', $this->session_id, 0, '/', NULL, $secureFlag);
 	}
 
 
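Review bot: With `$config->getBoolean('session.cookie.secure', FALSE)`, an https-only installation that upgrades without adding the new option silently loses the Secure attribute that the removed `secureCookie()` applied on every https request. The same regression applies to the `session_set_cookie_params()` call in lib/SimpleSAML/SessionHandlerPHP.php, which previously passed `SimpleSAML_Utilities::isHTTPS()`. Consider logging a warning when the option is FALSE but the current request is https, so the weaker setting is visible to the operator. Separately, neither call sets the `httponly` argument; if the supported PHP versions allow it, `setcookie('SimpleSAMLSessionID', $this->session_id, 0, '/', NULL, $secureFlag, TRUE);` would keep the session id out of reach of page scripts. The enclosing function starts outside this hunk.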
diff --git a/lib/SimpleSAML/SessionHandlerPHP.php b/lib/SimpleSAML/SessionHandlerPHP.php
index 40af336ac5f64b6c62f8866337cb8c081c6adb06..b404c82cafc7a1eabbb796614f1192948ed3346c 100644
--- a/lib/SimpleSAML/SessionHandlerPHP.php
+++ b/lib/SimpleSAML/SessionHandlerPHP.php
@@ -34,7 +34,8 @@ class SimpleSAML_SessionHandlerPHP extends SimpleSAML_SessionHandler {
 			$config = SimpleSAML_Configuration::getInstance();
 			
 			$cookiepath = ($config->getBoolean('session.phpsession.limitedpath', FALSE) ? '/' . $config->getBaseURL() : '/');
-			session_set_cookie_params(0, $cookiepath, NULL, SimpleSAML_Utilities::isHTTPS());
+			$secureFlag = $config->getBoolean('session.cookie.secure', FALSE);
+			session_set_cookie_params(0, $cookiepath, NULL, $secureFlag);
 			
 			$cookiename = $config->getString('session.phpsession.cookiename', NULL);
 			if (!empty($cookiename)) session_name($cookiename);