diff --git a/src/node/hooks/express/webaccess.js b/src/node/hooks/express/webaccess.js
index 2cafd271..c53eb1d1 100644
--- a/src/node/hooks/express/webaccess.js
+++ b/src/node/hooks/express/webaccess.js
@@ -120,7 +120,7 @@ exports.expressConfigure = function (hook_name, args, cb) {
 }
 args.app.sessionStore = exports.sessionStore;
- args.app.use(sessionModule({secret: exports.secret, store: args.app.sessionStore, resave: true, saveUninitialized: true, name: 'express_sid' }));
+ args.app.use(sessionModule({secret: exports.secret, store: args.app.sessionStore, resave: true, saveUninitialized: true, name: 'express_sid', proxy: true, cookie: { secure: !!settings.ssl }}));
 args.app.use(cookieParser(settings.sessionKey, {}));
diff --git a/src/static/js/pad.js b/src/static/js/pad.js
index a9eaf7d2..c967e461 100644
--- a/src/static/js/pad.js
+++ b/src/static/js/pad.js
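Review bot: In src/node/hooks/express/webaccess.js the session cookie's Secure flag is tied to `settings.ssl`, so it is only set when Etherpad terminates TLS itself; an instance served over HTTPS by a TLS-terminating reverse proxy (where `settings.ssl` is presumably unset) still issues `express_sid` without Secure. `proxy: true` also makes express-session honour `X-Forwarded-Proto` unconditionally instead of deferring to Express's `trust proxy` setting, so the header is believed even when no proxy is in front. Consider `cookie: { secure: 'auto' }` (an express-session option; confirm the pinned version supports it) or a dedicated setting, leave `proxy` unset, and record the decision in a comment such as `// Secure follows the connection; X-Forwarded-Proto is honoured only via 'trust proxy'`. expressConfigure starts and continues outside this hunk.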
@@ -52,43 +52,6 @@ var hooks = require('./pluginfw/hooks');
 var receivedClientVars = false;
-function createCookie(name, value, days, path){ /* Warning Internet Explorer doesn't use this it uses the one from pad_utils.js */
- if (days)
- {
- var date = new Date();
- date.setTime(date.getTime() + (days * 24 * 60 * 60 * 1000));
- var expires = "; expires=" + date.toGMTString();
- }
- else{
- var expires = "";
- }
-
- if(!path){ // If the path isn't set then just whack the cookie on the root path
- path = "/";
- }
-
- //Check if the browser is IE and if so make sure the full path is set in the cookie
- if((navigator.appName == 'Microsoft Internet Explorer') || ((navigator.appName == 'Netscape') && (new RegExp("Trident/.*rv:([0-9]{1,}[\.0-9]{0,})").exec(navigator.userAgent) != null))){
- document.cookie = name + "=" + value + expires + "; path="+document.location;
- }
- else{
- document.cookie = name + "=" + value + expires + "; path=" + path;
- }
-}
-
-function readCookie(name)
-{
- var nameEQ = name + "=";
- var ca = document.cookie.split(';');
- for (var i = 0; i < ca.length; i++)
- {
- var c = ca[i];
- while (c.charAt(0) == ' ') c = c.substring(1, c.length);
- if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length, c.length);
- }
- return null;
-}
-
 function randomString() {
 var chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
@@ -487,10 +450,10 @@ var pad = {
 handshake();
 // To use etherpad you have to allow cookies.
- // This will check if the creation of a test-cookie has success.
+ // This will check if the prefs-cookie is set.
 // Otherwise it shows up a message to the user.
- createCookie("test", "test");
- if (!readCookie("test"))
+ padcookie.init();
+ if (!readCookie("prefs"))
 {
 $('#loading').hide();
 $('#noCookie').show();
diff --git a/src/static/js/pad_cookie.js b/src/static/js/pad_cookie.js
index 9866dbfd..b563a7e6 100644
--- a/src/static/js/pad_cookie.js
+++ b/src/static/js/pad_cookie.js
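Review bot: In the pad.js hunk at -487 the cookie check still calls `readCookie("prefs")`, but this commit deletes pad.js's own `readCookie` in the hunk at -52 and no replacement import is visible. pad_utils.js is shown to define `createCookie`; whether it also puts a `readCookie` in pad.js's scope cannot be seen here, and since pad.js uses `require`, a helper that is neither exported nor global would make this line throw a ReferenceError before the `#noCookie` message is shown. I'd read the value through an explicitly imported helper or an accessor on padcookie, and state the new contract in a comment such as `// prefs is written by padcookie.init(); if it is absent, cookies are disabled`. The enclosing function starts and ends outside the hunk.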
@@ -43,7 +43,8 @@ var padcookie = (function()
 {
 var expiresDate = new Date();
 expiresDate.setFullYear(3000);
- document.cookie = ('prefs=' + safeText + ';expires=' + expiresDate.toGMTString());
+ var secure = isHttpsScheme() ? ";secure" : "";
+ document.cookie = ('prefs=' + safeText + ';expires=' + expiresDate.toGMTString() + secure);
 }
 function parseCookie(text)
@@ -79,6 +80,10 @@ var padcookie = (function()
 alreadyWarnedAboutNoCookies = true;
 }
 }
+
+ function isHttpsScheme() {
+ return window.location.protocol == "https:";
+ }
 var wasNoCookie = true;
 var cookieData = {};
diff --git a/src/static/js/pad_utils.js b/src/static/js/pad_utils.js
index 7166e0fb..b83f21cf 100644
--- a/src/static/js/pad_utils.js
+++ b/src/static/js/pad_utils.js
@@ -53,13 +53,16 @@ function createCookie(name, value, days, path){ /* Used by IE */
 if(!path){ // IF the Path of the cookie isn't set then just create it on root
 path = "/";
 }
+
+ //Check if we accessed the pad over https
+ var secure = window.location.protocol == "https:" ? ";secure" : "";
 //Check if the browser is IE and if so make sure the full path is set in the cookie
 if((navigator.appName == 'Microsoft Internet Explorer') || ((navigator.appName == 'Netscape') && (new RegExp("Trident/.*rv:([0-9]{1,}[\.0-9]{0,})").exec(navigator.userAgent) != null))){
- document.cookie = name + "=" + value + expires + "; path=/"; /* Note this bodge fix for IE is temporary until auth is rewritten */
+ document.cookie = name + "=" + value + expires + "; path=/" + secure; /* Note this bodge fix for IE is temporary until auth is rewritten */
 }
 else{
- document.cookie = name + "=" + value + expires + "; path=" + path;
+ document.cookie = name + "=" + value + expires + "; path=" + path + secure;
 }
 }
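Review bot: In pad_cookie.js (hunk at -43) the `prefs` cookie now carries `;secure` whenever the page is on HTTPS, while pad.js in the same commit treats a missing `prefs` cookie as "cookies disabled". Current browsers neither expose a Secure cookie to the http:// origin of the same host nor let that origin overwrite it, so a user who has opened a pad over HTTPS and later opens it over plain HTTP would likely be shown the `#noCookie` message. If both schemes are meant to stay usable the check needs a fallback; if not, say so where the cookie is written, e.g. `// Secure prefs cannot be read over http://; serve pads on a single scheme`. The function this hunk edits starts outside the hunk.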
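Review bot: `isHttpsScheme()` added in pad_cookie.js (hunk at -79) is private to the padcookie closure, so `createCookie` in pad_utils.js (hunk at -53) repeats the same protocol test inline, and both use loose `==`. Two separate copies make it easy for one cookie writer to drift from the other the next time the Secure logic changes; I'd compare strictly, `return window.location.protocol === "https:";`, and have both writers call one shared helper. In pad_utils.js `name` and `value` are also concatenated into the cookie string unencoded; the callers are not visible here, so it is worth confirming that no value can contain `;`, which the browser would parse as additional cookie attributes. `createCookie` starts outside its hunk.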