diff --git a/trac/env.py b/trac/env.py
--- a/trac/env.py
+++ b/trac/env.py
@@ -99,6 +99,13 @@
         `base_url` setting also for redirects. This introduces the obvious
         limitation that this environment will only be usable when accessible
         from that URL, as redirects are frequently used. ''(since 0.10.5)''""")
+
+    secure_cookies = BoolOption('trac', 'secure_cookies', False,
+        """Restrict cookies to HTTPS connections.
+        
+        When true, set the `secure` flag on all cookies so that they are
+        only sent to the server on HTTPS connections. Use this if your Trac
+        instance is only accessible through HTTPS. (''since 0.11.2'')""")
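Review bot: The option text does not spell out the failure mode when it is enabled on an instance that is still reached over plain HTTP: since the flag means the browser only returns the cookie over HTTPS, the `trac_auth`, `trac_form_token` and session cookies set in the other hunks are silently dropped and the user appears to stay anonymous after a successful login. Suggest adding a sentence to the docstring such as `If the instance is also reachable over plain HTTP, logins and sessions made over HTTP will not persist, since browsers do not return secure cookies on HTTP connections.` The blank line inside the docstring also carries trailing whitespace.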
 
     project_name = Option('project', 'name', 'My Project',
         """Name of the project.""")
diff --git a/trac/web/auth.py b/trac/web/auth.py
--- a/trac/web/auth.py
+++ b/trac/web/auth.py
@@ -144,6 +144,8 @@
         req.authname = remote_user
         req.outcookie['trac_auth'] = cookie
         req.outcookie['trac_auth']['path'] = req.base_path or '/'
+        if self.env.secure_cookies:
+            req.outcookie['trac_auth']['secure'] = True
 
     def _do_logout(self, req):
         """Log the user out.
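Review bot: The two added lines are the same `if self.env.secure_cookies: ...['secure'] = True` fragment that is also pasted into the logout hunk below and into trac/web/main.py and trac/web/session.py, each time immediately after the matching `['path'] = req.base_path or '/'` line. A single helper that sets both attributes on a freshly assigned morsel, called from all five sites, would keep the flag from being forgotten the next time a cookie is added, and would give the secure-cookie policy one place to live. `_do_login`'s body begins outside this hunk, so I cannot see whether the cookie assignment has other branches that would also need the helper.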
@@ -175,6 +177,8 @@
         req.outcookie['trac_auth'] = ''
         req.outcookie['trac_auth']['path'] = req.base_path or '/'
         req.outcookie['trac_auth']['expires'] = -10000
+        if self.env.secure_cookies:
+            req.outcookie['trac_auth']['secure'] = True
 
     def _get_name_for_cookie(self, req, cookie):
         db = self.env.get_db_cnx()
diff --git a/trac/web/main.py b/trac/web/main.py
--- a/trac/web/main.py
+++ b/trac/web/main.py
@@ -280,6 +280,8 @@
         else:
             req.outcookie['trac_form_token'] = hex_entropy(24)
             req.outcookie['trac_form_token']['path'] = req.base_path or '/'
+            if self.env.secure_cookies:
+                req.outcookie['trac_form_token']['secure'] = True
             return req.outcookie['trac_form_token'].value
 
     def _pre_process_request(self, req, chosen_handler):
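Review bot: Only the `else` branch that mints a new `trac_form_token` gets the `secure` attribute; the `if` branch that reuses an existing token is outside this hunk and presumably leaves the cookie as the browser already holds it, so a client that received a non-secure token cookie before `secure_cookies` was enabled keeps sending it over HTTP until it expires or is cleared. If that is intended, a short comment above the added `if` such as `# only newly issued tokens carry the secure flag; existing cookies keep their attributes` would make it explicit; otherwise the existing-token path may also need to re-issue the cookie with the flag set. The enclosing method starts before this hunk.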
diff --git a/trac/web/session.py b/trac/web/session.py
--- a/trac/web/session.py
+++ b/trac/web/session.py
@@ -154,6 +154,8 @@
         self.req.outcookie[COOKIE_KEY] = self.sid
         self.req.outcookie[COOKIE_KEY]['path'] = self.req.base_path or '/'
         self.req.outcookie[COOKIE_KEY]['expires'] = expires
+        if self.env.secure_cookies:
+            self.req.outcookie[COOKIE_KEY]['secure'] = True
 
     def get_session(self, sid, authenticated=False):
         refresh_cookie = False

