diff --git a/common/src/main/java/com/jeesite/common/web/CookieUtils.java b/common/src/main/java/com/jeesite/common/web/CookieUtils.java
index 1851524d..2a0cb6be 100644
--- a/common/src/main/java/com/jeesite/common/web/CookieUtils.java
+++ b/common/src/main/java/com/jeesite/common/web/CookieUtils.java
@@ -5,6 +5,7 @@ package com.jeesite.common.web;
 import com.jeesite.common.codec.EncodeUtils;
+import com.jeesite.common.io.PropertiesUtils;
 import com.jeesite.common.lang.StringUtils;
 import javax.servlet.http.Cookie;
@@ -58,10 +59,12 @@ public class CookieUtils {
 if (StringUtils.isNotBlank(name)){
 name = EncodeUtils.encodeUrl(name);
 value = EncodeUtils.encodeUrl(value);
- Cookie cookie = new Cookie(name, null);
+ Cookie cookie = new Cookie(name, value);
 cookie.setPath(path);
 cookie.setMaxAge(maxAge);
- cookie.setValue(value);
+ PropertiesUtils props = PropertiesUtils.getInstance();
+ cookie.setSecure(props.getPropertyToBoolean("session.sessionIdCookieSecure", "false"));
+ cookie.setHttpOnly(props.getPropertyToBoolean("session.sessionIdCookieHttpOnly", "true"));
 response.addCookie(cookie);
 }
 }
diff --git a/modules/core/src/main/java/com/jeesite/common/shiro/filter/FormFilter.java b/modules/core/src/main/java/com/jeesite/common/shiro/filter/FormFilter.java
index 8aa4626a..4c25a54c 100644
--- a/modules/core/src/main/java/com/jeesite/common/shiro/filter/FormFilter.java
+++ b/modules/core/src/main/java/com/jeesite/common/shiro/filter/FormFilter.java
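Review bot: In the CookieUtils.java hunk, the new Secure flag is off unless configured: `props.getPropertyToBoolean("session.sessionIdCookieSecure", "false")` leaves every cookie written through this helper eligible for plain-HTTP transport on a default install. The HttpOnly default of `"true"` is the safer direction, but it now applies to all cookies this utility writes, so any page script that reads one of them stops seeing it; callers are not visible here and should be checked. Both flags are keyed on the session cookie's properties, which deserves a comment above them such as `// Reuses the session cookie flags; set session.sessionIdCookieSecure=true when served over HTTPS`. The enclosing method's signature lies outside the hunk.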
@@ -71,7 +71,8 @@ public class FormFilter extends org.apache.shiro.web.filter.authc.FormAuthentica
 rememberUserCodeCookie.setPath(Global.getProperty("session.sessionIdCookiePath"));
 rememberUserCodeCookie.setSecure(Global.getPropertyToBoolean("session.sessionIdCookieSecure", "false"));
 rememberUserCodeCookie.setHttpOnly(Global.getPropertyToBoolean("session.sessionIdCookieHttpOnly", "true"));
- rememberUserCodeCookie.setSameSite(SameSiteOptions.valueOf(Global.getProperty("session.sessionIdCookieSameSite", "LAX")));
+ String sameSite = Global.getProperty("session.sessionIdCookieSameSite", "Lax"); // Null、None、Lax、Strict
+ rememberUserCodeCookie.setSameSite(!"Null".equalsIgnoreCase(sameSite) ? SameSiteOptions.valueOf(StringUtils.upperCase(sameSite)) : null);
 rememberUserCodeCookie.setMaxAge(Cookie.ONE_YEAR);
 instance = this;
 }
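Review bot: Two values accepted by the new `sameSite` lines weaken the remember-me cookie without any signal. `Null` drops the SameSite attribute entirely, leaving cross-site behaviour to each browser's default, and `None` sits beside a `session.sessionIdCookieSecure` default of `"false"`, a pairing current browsers reject because SameSite=None requires Secure. Any other spelling reaches `SameSiteOptions.valueOf(...)`, which throws IllegalArgumentException from what appears to be the filter's constructor (the enclosing block starts outside the hunk). I would replace the trailing comment with `// Null (attribute omitted, browser default applies), None (needs sessionIdCookieSecure=true), Lax, Strict` and consider falling back to `SameSiteOptions.LAX` with a logged warning for unrecognised values.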