diff --git a/lib/private/AppFramework/App.php b/lib/private/AppFramework/App.php
index e02f372e41c300d0f6d7be31bb170c5e3a5359a7..ea97ea4096d9841fafc652841c6cd37b02cae6af 100644
--- a/lib/private/AppFramework/App.php
+++ b/lib/private/AppFramework/App.php
@@ -151,6 +151,8 @@ class App {
 			if ($value['expireDate'] instanceof \DateTime) {
 				$expireDate = $value['expireDate']->getTimestamp();
 			}
+			$sameSite = $value['sameSite'] ?? 'Lax';
+
 			$io->setCookie(
 				$name,
 				$value['value'],
@@ -158,7 +160,8 @@ class App {
 				$container->getServer()->getWebRoot(),
 				null,
 				$container->getServer()->getRequest()->getServerProtocol() === 'https',
-				true
+				true,
+				$sameSite
 			);
 		}
 
diff --git a/lib/private/AppFramework/Http/Output.php b/lib/private/AppFramework/Http/Output.php
index fd95f37036009c9114dc4da05fc0855ee5f8753b..8777c1970a69087a38b0950bae4ed9c6ae0f127a 100644
--- a/lib/private/AppFramework/Http/Output.php
+++ b/lib/private/AppFramework/Http/Output.php
@@ -92,8 +92,20 @@ class Output implements IOutput {
 	 * @param bool $secure
 	 * @param bool $httpOnly
 	 */
-	public function setCookie($name, $value, $expire, $path, $domain, $secure, $httpOnly) {
+	public function setCookie($name, $value, $expire, $path, $domain, $secure, $httpOnly, $sameSite = 'Lax') {
 		$path = $this->webRoot ? : '/';
-		setcookie($name, $value, $expire, $path, $domain, $secure, $httpOnly);
+
+		if (PHP_VERSION_ID < 70300) {
+			setcookie($name, $value, $expire, $path, $domain, $secure, $httpOnly);
+		} else {
+			setcookie($name, $value, [
+				'expires' => $expire,
+				'path' => $path,
+				'domain' => $domain,
+				'secure' => $secure,
+				'httponly' => $httpOnly,
+				'samesite' => $sameSite
+			]);
+		}
 	}
 }
diff --git a/lib/public/AppFramework/Http/IOutput.php b/lib/public/AppFramework/Http/IOutput.php
index 888c9f45b23db3f77f62156eb8f0ba7606123163..39543dc9bf11b85b22e8c398bcb4c346503903e4 100644
--- a/lib/public/AppFramework/Http/IOutput.php
+++ b/lib/public/AppFramework/Http/IOutput.php
@@ -72,7 +72,8 @@ interface IOutput {
 	 * @param string $domain
 	 * @param bool $secure
 	 * @param bool $httpOnly
+	 * @param string $sameSite (added in 20)
 	 * @since 8.1.0
 	 */
-	public function setCookie($name, $value, $expire, $path, $domain, $secure, $httpOnly);
+	public function setCookie($name, $value, $expire, $path, $domain, $secure, $httpOnly, $sameSite = 'Lax');
 }
diff --git a/lib/public/AppFramework/Http/Response.php b/lib/public/AppFramework/Http/Response.php
index 6f418e42553e3e4a2f0698a7cb00d6dc3c7d940f..832e0b9624700a72fd149419a15940d910b18ef9 100644
--- a/lib/public/AppFramework/Http/Response.php
+++ b/lib/public/AppFramework/Http/Response.php
@@ -133,11 +133,12 @@ class Response {
 	 * @param \DateTime|null $expireDate Date on that the cookie should expire, if set
 	 * 									to null cookie will be considered as session
 	 * 									cookie.
+	 * @param string $sameSite The samesite value of the cookie. Defaults to Lax. Other possibilities are Strict or None
 	 * @return $this
 	 * @since 8.0.0
 	 */
-	public function addCookie($name, $value, \DateTime $expireDate = null) {
-		$this->cookies[$name] = ['value' => $value, 'expireDate' => $expireDate];
+	public function addCookie($name, $value, \DateTime $expireDate = null, $sameSite = 'Lax') {
+		$this->cookies[$name] = ['value' => $value, 'expireDate' => $expireDate, 'sameSite' => $sameSite];
 		return $this;
 	}
 
diff --git a/tests/lib/AppFramework/Http/ResponseTest.php b/tests/lib/AppFramework/Http/ResponseTest.php
index f33d0a0089d5b6dfe82778a093c23659e7771ea1..ea1e74de50e47f8496cc4a3b5bc5ff9dce9d418c 100644
--- a/tests/lib/AppFramework/Http/ResponseTest.php
+++ b/tests/lib/AppFramework/Http/ResponseTest.php
@@ -108,10 +108,12 @@ class ResponseTest extends \Test\TestCase {
 			'foo' => [
 				'value' => 'bar',
 				'expireDate' => null,
+				'sameSite' => 'Lax',
 			],
 			'bar' => [
 				'value' => 'foo',
-				'expireDate' => new \DateTime('1970-01-01')
+				'expireDate' => new \DateTime('1970-01-01'),
+				'sameSite' => 'Lax',
 			]
 		];
 		$this->assertEquals($expectedResponse, $this->childResponse->getCookies());
@@ -143,7 +145,8 @@ class ResponseTest extends \Test\TestCase {
 		$expected = [
 			'foo' => [
 				'value' => 'expired',
-				'expireDate' => new \DateTime('1971-01-01')
+				'expireDate' => new \DateTime('1971-01-01'),
+				'sameSite' => 'Lax',
 			]
 		];
 
@@ -159,11 +162,13 @@ class ResponseTest extends \Test\TestCase {
 		$expected = [
 			'foo' => [
 				'value' => 'bar',
-				'expireDate' => null
+				'expireDate' => null,
+				'sameSite' => 'Lax',
 			],
 			'bar' => [
 				'value' => 'foo',
-				'expireDate' => null
+				'expireDate' => null,
+				'sameSite' => 'Lax',
 			]
 		];
 		$cookies = $this->childResponse->getCookies();
@@ -173,11 +178,13 @@ class ResponseTest extends \Test\TestCase {
 		$expected = [
 			'foo' => [
 				'value' => 'expired',
-				'expireDate' => new \DateTime('1971-01-01')
+				'expireDate' => new \DateTime('1971-01-01'),
+				'sameSite' => 'Lax',
 			],
 			'bar' => [
 				'value' => 'expired',
-				'expireDate' => new \DateTime('1971-01-01')
+				'expireDate' => new \DateTime('1971-01-01'),
+				'sameSite' => 'Lax',
 			]
 		];