diff --git a/lib/socket/socket.react.js b/lib/socket/socket.react.js
--- a/lib/socket/socket.react.js
+++ b/lib/socket/socket.react.js
@@ -27,7 +27,7 @@
 logInActionSources,
 type LogOutResult,
 } from '../types/account-types.js';
-import { isWebPlatform, type PlatformDetails } from '../types/device-types.js';
+import { type PlatformDetails } from '../types/device-types.js';
 import type { CalendarQuery } from '../types/entry-types.js';
 import { forcePolicyAcknowledgmentActionType } from '../types/policy-types.js';
 import type { Dispatch } from '../types/redux-types.js';
@@ -130,8 +130,8 @@
 openSocket(newStatus: ConnectionStatus) {
 if (
 this.props.frozen ||
- (!isWebPlatform(getConfig().platformDetails.platform) &&
- (!this.props.cookie || !this.props.cookie.startsWith('user=')))
+ !this.props.cookie ||
+ !this.props.cookie.startsWith('user=')
 ) {
 return;
 }
diff --git a/web/app.react.js b/web/app.react.js
--- a/web/app.react.js
+++ b/web/app.react.js
@@ -83,9 +83,7 @@
 // We can't securely cache credentials on web, so we have no way to recover
 // from a cookie invalidation
 resolveInvalidatedCookie: null,
- // We use httponly cookies on web to protect against XSS attacks, so we have
- // no access to the cookies from JavaScript
- setCookieOnRequest: false,
+ setCookieOnRequest: true,
 setSessionIDOnRequest: true,
 // Never reset the calendar range
 calendarRangeInactivityLimit: null,
diff --git a/web/selectors/socket-selectors.js b/web/selectors/socket-selectors.js
--- a/web/selectors/socket-selectors.js
+++ b/web/selectors/socket-selectors.js
@@ -6,6 +6,7 @@
 import {
 sessionIDSelector,
 urlPrefixSelector,
+ cookieSelector,
 } from 'lib/selectors/keyserver-selectors.js';
 import {
 getClientResponsesSelector,
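Review bot: In lib/socket/socket.react.js, the guard in `openSocket` now returns silently on web whenever `this.props.cookie` is missing or does not start with `user=`, a check that web previously skipped. A web session created under the old httponly cookie presumably has no cookie in client state, so its socket would never open and nothing reports why; no migration or forced re-login for that case is visible in this commit. I would document the new precondition on the guard, e.g. `// All platforms, web included, need a user cookie in client state before a socket is opened`, and confirm that the anonymous web flow does not rely on a socket. `openSocket` continues outside the hunk, and it is worth checking that `getConfig` is still used elsewhere in the file now that this call is gone.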
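Review bot: In web/app.react.js, `setCookieOnRequest: true` gives up the httponly protection that the deleted comment described, and no comment replaces it to record the decision. The session cookie now sits in JavaScript-readable state and is also exposed through `sessionIdentificationSelector` in web/selectors/socket-selectors.js, so any script running in the page, injected script included, can read it; where that state is persisted is not visible here. I would add a comment such as `// Cookie is sent in the request body on web and is readable from JS; CSP and output escaping now carry the protection httponly used to give`, and keep the cookie out of logs, error reports and persisted state where possible. The retained comment just above ("We can't securely cache credentials on web") should be reworded, since it now sits next to a setting that holds a credential on the client.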
@@ -42,8 +43,12 @@
 const sessionIdentificationSelector: (
 state: AppState,
 ) => SessionIdentification = createSelector(
+ cookieSelector,
 sessionIDSelector,
- (sessionID: ?string): SessionIdentification => ({ sessionID }),
+ (cookie: ?string, sessionID: ?string): SessionIdentification => ({
+ cookie,
+ sessionID,
+ }),
 );

 const getSignedIdentityKeysBlobSelector: (