diff --git a/ChangeLog.md b/ChangeLog.md
new file mode 100644
--- /dev/null
+++ b/ChangeLog.md
@@ -0,0 +1,3 @@
+## 0.4.2
+
+* Added SameSite [#13](https://github.com/snoyberg/cookie/pull/13)
diff --git a/README.md b/README.md
new file mode 100644
--- /dev/null
+++ b/README.md
@@ -0,0 +1,5 @@
+## cookie
+
+[![Build Status](https://travis-ci.org/snoyberg/cookie.svg?branch=master)](https://travis-ci.org/snoyberg/cookie)
+
+HTTP cookie parsing and rendering
diff --git a/Web/Cookie.hs b/Web/Cookie.hs
--- a/Web/Cookie.hs
+++ b/Web/Cookie.hs
@@ -12,6 +12,10 @@
     , setCookieDomain
     , setCookieHttpOnly
     , setCookieSecure
+    , setCookieSameSite
+    , SameSiteOption
+    , sameSiteLax
+    , sameSiteStrict
       -- ** Functions
     , parseSetCookie
     , renderSetCookie
@@ -100,7 +104,7 @@
                                        `mappend` fromByteString v
 -- | Data type representing the key-value pair to use for a cookie, as well as configuration options for it.
 --
--- ==== Creating a SetCookie 
+-- ==== Creating a SetCookie
 --
 -- 'SetCookie' does not export a constructor; instead, use the 'Default' instance to create one and override values (see <http://www.yesodweb.com/book/settings-types> for details):
 --
@@ -122,11 +126,24 @@
     , setCookieDomain :: Maybe S.ByteString -- ^ The domain for which the cookie should be sent. Default value: @Nothing@ (The browser defaults to the current domain).
     , setCookieHttpOnly :: Bool -- ^ Marks the cookie as "HTTP only", i.e. not accessible from Javascript. Default value: @False@
     , setCookieSecure :: Bool -- ^ Instructs the browser to only send the cookie over HTTPS. Default value: @False@
+    , setCookieSameSite :: Maybe SameSiteOption -- ^ Marks the cookie as "same site", i.e. should not be sent with cross-site requests. Default value: @Nothing@
     }
     deriving (Eq, Show)
 
+-- | Data type representing the options for a SameSite cookie
+data SameSiteOption = Lax | Strict deriving (Show, Eq)
+
+instance NFData SameSiteOption where
+  rnf x = x `seq` ()
+
+sameSiteLax :: SameSiteOption
+sameSiteLax = Lax
+
+sameSiteStrict :: SameSiteOption
+sameSiteStrict = Strict
+
 instance NFData SetCookie where
-    rnf (SetCookie a b c d e f g h) =
+    rnf (SetCookie a b c d e f g h i) =
         a `seq`
         b `seq`
         rnfMBS c `seq`
@@ -134,7 +151,8 @@
         rnf e `seq`
         rnfMBS f `seq`
         rnf g `seq`
-        rnf h
+        rnf h `seq`
+        rnf i
       where
         -- For backwards compatibility
         rnfMBS Nothing = ()
@@ -150,6 +168,7 @@
         , setCookieDomain   = Nothing
         , setCookieHttpOnly = False
         , setCookieSecure   = False
+        , setCookieSameSite = Nothing
         }
 
 renderSetCookie :: SetCookie -> Builder
@@ -179,6 +198,10 @@
     , if setCookieSecure sc
         then copyByteString "; Secure"
         else mempty
+    , case setCookieSameSite sc of
+        Nothing -> mempty
+        Just Lax -> copyByteString "; SameSite=Lax"
+        Just Strict -> copyByteString "; SameSite=Strict"
     ]
 
 parseSetCookie :: S.ByteString -> SetCookie
@@ -193,6 +216,10 @@
     , setCookieDomain = lookup "domain" flags
     , setCookieHttpOnly = isJust $ lookup "httponly" flags
     , setCookieSecure = isJust $ lookup "secure" flags
+    , setCookieSameSite = case lookup "samesite" flags of
+        Just "Lax" -> Just Lax
+        Just "Strict" -> Just Strict
+        _ -> Nothing
     }
   where
     pairs = map (parsePair . dropSpace) $ S.split 59 a ++ [S8.empty] -- 59 = semicolon
diff --git a/cookie.cabal b/cookie.cabal
--- a/cookie.cabal
+++ b/cookie.cabal
@@ -1,15 +1,17 @@
 name:            cookie
-version:         0.4.1.6
+version:         0.4.2
 license:         BSD3
 license-file:    LICENSE
 author:          Michael Snoyman <michael@snoyman.com>
 maintainer:      Michael Snoyman <michael@snoyman.com>
 synopsis:        HTTP cookie parsing and rendering
+description:     Hackage documentation generation is not reliable. For up to date documentation, please see: <https://www.stackage.org/package/cookie>.
 category:        Web, Yesod
 stability:       Stable
 cabal-version:   >= 1.8
 build-type:      Simple
 homepage:        http://github.com/snoyberg/cookie
+extra-source-files: README.md ChangeLog.md
 
 library
     build-depends:   base                      >= 4        && < 5
diff --git a/test/Spec.hs b/test/Spec.hs
--- a/test/Spec.hs
+++ b/test/Spec.hs
@@ -52,6 +52,9 @@
     showList = (++) . show . concatMap show
 instance Arbitrary Char' where
     arbitrary = fmap (Char' . toEnum) $ choose (62, 125)
+newtype SameSiteOption' = SameSiteOption' { unSameSiteOption' :: SameSiteOption }
+instance Arbitrary SameSiteOption' where
+  arbitrary = fmap SameSiteOption' (elements [sameSiteLax, sameSiteStrict])
 
 propParseRenderSetCookie :: SetCookie -> Bool
 propParseRenderSetCookie sc =
@@ -67,6 +70,7 @@
         domain <- fmap (fmap fromUnChars) arbitrary
         httponly <- arbitrary
         secure <- arbitrary
+        sameSite <- fmap (fmap unSameSiteOption') arbitrary
         return def
             { setCookieName = name
             , setCookieValue = value
@@ -75,6 +79,7 @@
             , setCookieDomain = domain
             , setCookieHttpOnly = httponly
             , setCookieSecure = secure
+            , setCookieSameSite = sameSite
             }
 
 caseParseCookies :: Assertion
