diff --git a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DataStoreServer.java b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DataStoreServer.java
index 66dc6025c27cde0018717196d5016a352c4e46c5..f9ca5aa9dd93b8705ca01aa7bb4c731a9ef75b23 100644
--- a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DataStoreServer.java
+++ b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DataStoreServer.java
@@ -249,10 +249,9 @@ public class DataStoreServer
         servletContextHandler.setAttribute(
                 WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE,
                 ServiceProvider.getApplicationContext());
+        servletContextHandler.getSessionHandler().getSessionCookieConfig().setHttpOnly(true);
         // Disable URL rewriting (forces container to stop appending ";jsessionid=xxx" to urls)
         // to avoid mistakes in URL parsing by download servlets
-        servletContextHandler.getSessionHandler().getSessionCookieConfig().setHttpOnly(true);
-        servletContextHandler.getSessionHandler().getSessionCookieConfig().setSecure(true);
         servletContextHandler.getSessionHandler()
                 .setSessionIdPathParameterName(null);
         String applicationName = "/" + DATA_STORE_SERVER_WEB_APPLICATION_NAME;
diff --git a/openbis_standard_technologies/resource/server/jetty-web.xml b/openbis_standard_technologies/resource/server/jetty-web.xml
index e88a2c193448c3946906281d1076c66dcca49a0c..c5d95dbcbaf382e28530bb2113e58d0d5c7fdc34 100644
--- a/openbis_standard_technologies/resource/server/jetty-web.xml
+++ b/openbis_standard_technologies/resource/server/jetty-web.xml
@@ -7,7 +7,6 @@
 	</Call>
     <Get name="sessionHandler">
       <Get name="sessionCookieConfig">
-        <Set name="secure" type="boolean">true</Set>
         <Set name="httpOnly" type="boolean">true</Set>
       </Get>
     </Get>