diff --git a/crates/ruma-client-api/CHANGELOG.md b/crates/ruma-client-api/CHANGELOG.md
index 1275adbe..2919fb39 100644
--- a/crates/ruma-client-api/CHANGELOG.md
+++ b/crates/ruma-client-api/CHANGELOG.md
@@ -23,6 +23,7 @@ Improvements:
   login types.
 - Add deprecated `address` and `medium` 3PID fields for `m.login.password`
   login type.
+- Add optional cookie field to `session::sso_login*::v3` responses.
 
 # 0.17.4
 
diff --git a/crates/ruma-client-api/src/session/sso_login.rs b/crates/ruma-client-api/src/session/sso_login.rs
index fc0a9e08..6834474f 100644
--- a/crates/ruma-client-api/src/session/sso_login.rs
+++ b/crates/ruma-client-api/src/session/sso_login.rs
@@ -5,7 +5,7 @@ pub mod v3 {
     //!
     //! [spec]: https://spec.matrix.org/latest/client-server-api/#get_matrixclientv3loginssoredirect
 
-    use http::header::LOCATION;
+    use http::header::{LOCATION, SET_COOKIE};
     use ruma_common::{
         api::{request, response, Metadata},
         metadata,
@@ -37,6 +37,10 @@ pub mod v3 {
         /// Redirect URL to the SSO identity provider.
         #[ruma_api(header = LOCATION)]
         pub location: String,
+
+        /// Cookie storing state to secure the SSO process.
+        #[ruma_api(header = SET_COOKIE)]
+        pub cookie: Option<String>,
     }
 
     impl Request {
@@ -49,7 +53,7 @@ pub mod v3 {
     impl Response {
         /// Creates a new `Response` with the given SSO URL.
         pub fn new(location: String) -> Self {
-            Self { location }
+            Self { location, cookie: None }
         }
     }
 
diff --git a/crates/ruma-client-api/src/session/sso_login_with_provider.rs b/crates/ruma-client-api/src/session/sso_login_with_provider.rs
index d04a82a4..b537e110 100644
--- a/crates/ruma-client-api/src/session/sso_login_with_provider.rs
+++ b/crates/ruma-client-api/src/session/sso_login_with_provider.rs
@@ -7,7 +7,7 @@ pub mod v3 {
     //!
     //! [spec]: https://spec.matrix.org/latest/client-server-api/#get_matrixclientv3loginssoredirectidpid
 
-    use http::header::LOCATION;
+    use http::header::{LOCATION, SET_COOKIE};
     use ruma_common::{
         api::{request, response, Metadata},
         metadata,
@@ -43,6 +43,10 @@ pub mod v3 {
         /// Redirect URL to the SSO identity provider.
         #[ruma_api(header = LOCATION)]
         pub location: String,
+
+        /// Cookie storing state to secure the SSO process.
+        #[ruma_api(header = SET_COOKIE)]
+        pub cookie: Option<String>,
     }
 
     impl Request {
@@ -55,7 +59,7 @@ pub mod v3 {
     impl Response {
         /// Creates a new `Response` with the given SSO URL.
         pub fn new(location: String) -> Self {
-            Self { location }
+            Self { location, cookie: None }
         }
     }