diff --git a/nodes/core/io/21-httpin.html b/nodes/core/io/21-httpin.html
index f20a1b62d..e6b24a291 100644
--- a/nodes/core/io/21-httpin.html
+++ b/nodes/core/io/21-httpin.html
@@ -81,7 +81,33 @@
         <li><code>statusCode</code>, if set, is used as the response status code (default: 200)</li>
         <li><code>headers</code>, if set, should be an object containing field/value
         pairs to be added as response headers.</li>
+        <li><code>cookies</code>, if set, can be used to set or delete cookies.
     </ul>
+    <h3>Cookie handling</h3>
+    <p>The <code>cookies</code> property must be an object of name/value pairs.
+    The value can be either a string to set the value of the cookie with default
+    options, or it can be an object of options.<p>
+    <p>The following example sets two cookies - one called <code>name</code> with
+    a value of <code>nick</code>, the other called <code>session</code> with a
+    value of <code>1234</code> and an expiry set to 15 minutes.</p>
+    <pre>
+msg.cookies = {
+    name: 'nick',
+    session: {
+        value: '1234',
+        maxAge: 900000
+    }
+}</pre>
+    <p>The valid options include:</p>
+    <ul>
+    <li><code>domain</code> - (String) domain name for the cookie</li>
+    <li><code>expires</code> - (Date) expiry date in GMT. If not specified or set to 0, creates a session cookie</li>
+    <li><code>maxAge</code> - (String) expiry date as relative to the current time in milliseconds</li>
+    <li><code>path</code> - (String) path for the cookie. Defaults to /</li>
+    <li><code>value</code> - (String) the value to use for the cookie</li>
+    </ul>
+    <p>To delete a cookie, set its <code>value</code> to <code>null</code>.</p>
+
 </script>
 
 <script type="text/javascript">
diff --git a/nodes/core/io/21-httpin.js b/nodes/core/io/21-httpin.js
index 0871ffec2..a98cb4e86 100644
--- a/nodes/core/io/21-httpin.js
+++ b/nodes/core/io/21-httpin.js
@@ -17,6 +17,7 @@
 module.exports = function(RED) {
     "use strict";
     var bodyParser = require("body-parser");
+    var cookieParser = require("cookie-parser");
     var getBody = require('raw-body');
     var cors = require('cors');
     var jsonParser = bodyParser.json();
@@ -223,13 +224,13 @@ module.exports = function(RED) {
             }
 
             if (this.method == "get") {
-                RED.httpNode.get(this.url,httpMiddleware,corsHandler,metricsHandler,this.callback,this.errorHandler);
+                RED.httpNode.get(this.url,cookieParser(),httpMiddleware,corsHandler,metricsHandler,this.callback,this.errorHandler);
             } else if (this.method == "post") {
-                RED.httpNode.post(this.url,httpMiddleware,corsHandler,metricsHandler,jsonParser,urlencParser,rawBodyParser,this.callback,this.errorHandler);
+                RED.httpNode.post(this.url,cookieParser(),httpMiddleware,corsHandler,metricsHandler,jsonParser,urlencParser,rawBodyParser,this.callback,this.errorHandler);
             } else if (this.method == "put") {
-                RED.httpNode.put(this.url,httpMiddleware,corsHandler,metricsHandler,jsonParser,urlencParser,rawBodyParser,this.callback,this.errorHandler);
+                RED.httpNode.put(this.url,cookieParser(),httpMiddleware,corsHandler,metricsHandler,jsonParser,urlencParser,rawBodyParser,this.callback,this.errorHandler);
             } else if (this.method == "delete") {
-                RED.httpNode.delete(this.url,httpMiddleware,corsHandler,metricsHandler,jsonParser,urlencParser,rawBodyParser,this.callback,this.errorHandler);
+                RED.httpNode.delete(this.url,cookieParser(),httpMiddleware,corsHandler,metricsHandler,jsonParser,urlencParser,rawBodyParser,this.callback,this.errorHandler);
             }
 
             this.on("close",function() {
@@ -255,6 +256,23 @@ module.exports = function(RED) {
                 if (msg.headers) {
                     msg.res._res.set(msg.headers);
                 }
+                if (msg.cookies) {
+                    for (var name in msg.cookies) {
+                        if (msg.cookies.hasOwnProperty(name)) {
+                            if (msg.cookies[name] === null || msg.cookies[name].value === null) {
+                                if (msg.cookies[name]!==null) {
+                                    msg.res._res.clearCookie('name',msg.cookies[name]);
+                                } else {
+                                    msg.res._res.clearCookie('name');
+                                }
+                            } else  if (typeof msg.cookies[name] === 'object') {
+                                msg.res._res.cookie(name,msg.cookies[name].value,msg.cookies[name]);
+                            } else {
+                                msg.res._res.cookie(name,msg.cookies[name]);
+                            }
+                        }
+                    }
+                }
                 var statusCode = msg.statusCode || 200;
                 if (typeof msg.payload == "object" && !Buffer.isBuffer(msg.payload)) {
                     msg.res._res.status(statusCode).jsonp(msg.payload);
diff --git a/package.json b/package.json
index 5ee8a268e..264e676f7 100644
--- a/package.json
+++ b/package.json
@@ -30,6 +30,7 @@
         "body-parser": "1.15.0",
         "cheerio":"0.19.0",
         "clone": "1.0.2",
+        "cookie-parser": "1.4.3",
         "cors":"2.7.1",
         "cron":"1.1.0",
         "express": "4.13.4",