diff --git a/django/conf/global_settings.py b/django/conf/global_settings.py
index a00e2ba4eb9..4ea694d064d 100644
--- a/django/conf/global_settings.py
+++ b/django/conf/global_settings.py
@@ -252,6 +252,7 @@ MIDDLEWARE_CLASSES = (
 SESSION_COOKIE_NAME = 'sessionid'         # Cookie name. This can be whatever you want.
 SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2 # Age of cookie, in seconds (default: 2 weeks).
 SESSION_COOKIE_DOMAIN = None              # A string like ".lawrence.com", or None for standard domain cookie.
+SESSION_COOKIE_SECURE = False             # Whether the session cookie should be secure (https:// only).
 SESSION_SAVE_EVERY_REQUEST = False        # Whether to save the session data on every request.
 SESSION_EXPIRE_AT_BROWSER_CLOSE = False   # Whether sessions expire when a user closes his browser.
 
diff --git a/django/contrib/sessions/middleware.py b/django/contrib/sessions/middleware.py
index dde4f1a6c08..2337ad8a61a 100644
--- a/django/contrib/sessions/middleware.py
+++ b/django/contrib/sessions/middleware.py
@@ -88,5 +88,6 @@ class SessionMiddleware(object):
                 new_session = Session.objects.save(session_key, request.session._session,
                     datetime.datetime.now() + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE))
                 response.set_cookie(settings.SESSION_COOKIE_NAME, session_key,
-                    max_age=max_age, expires=expires, domain=settings.SESSION_COOKIE_DOMAIN)
+                    max_age=max_age, expires=expires, domain=settings.SESSION_COOKIE_DOMAIN,
+                    secure=settings.SESSION_COOKIE_SECURE or None)
         return response
diff --git a/docs/sessions.txt b/docs/sessions.txt
index c473d0a3db6..d39f42c3bf8 100644
--- a/docs/sessions.txt
+++ b/docs/sessions.txt
@@ -245,6 +245,17 @@ Default: ``'sessionid'``
 
 The name of the cookie to use for sessions. This can be whatever you want.
 
+SESSION_COOKIE_SECURE
+---------------------
+
+**New in Django development version**
+
+Default: ``False``
+
+Whether to use a secure cookie for the session cookie. If this is set to
+``True``, the cookie will be marked as "secure," which means browsers may
+ensure that the cookie is only sent under an HTTPS connection.
+
 SESSION_EXPIRE_AT_BROWSER_CLOSE
 -------------------------------
 
diff --git a/docs/settings.txt b/docs/settings.txt
index 099196e56e1..67e0498e1ac 100644
--- a/docs/settings.txt
+++ b/docs/settings.txt
@@ -647,6 +647,18 @@ Default: ``'sessionid'``
 The name of the cookie to use for sessions. This can be whatever you want.
 See the `session docs`_.
 
+SESSION_COOKIE_SECURE
+---------------------
+
+**New in Django development version**
+
+Default: ``False``
+
+Whether to use a secure cookie for the session cookie. If this is set to
+``True``, the cookie will be marked as "secure," which means browsers may
+ensure that the cookie is only sent under an HTTPS connection.
+See the `session docs`_.
+
 SESSION_EXPIRE_AT_BROWSER_CLOSE
 -------------------------------