diff --git a/application/Espo/Core/Authentication/Authentication.php b/application/Espo/Core/Authentication/Authentication.php
index d76233fccb..d11b200506 100644
--- a/application/Espo/Core/Authentication/Authentication.php
+++ b/application/Espo/Core/Authentication/Authentication.php
@@ -449,7 +449,7 @@ class Authentication
 if ($authToken->get('secret')) {
 $sentSecret = $request->getCookieParam('auth-token-secret');
 if ($sentSecret === $authToken->get('secret')) {
- setcookie('auth-token-secret', null, -1, '/');
+ $this->setSecretInCookie(null);
 }
 }
 return true;
@@ -501,15 +501,21 @@ class Authentication
 $this->entityManager->saveEntity($authLogRecord);
 }
- protected function setSecretInCookie(string $secret)
+ protected function setSecretInCookie(?string $secret)
 {
+ if (!$secret) {
+ $time = -1;
+ } else {
+ $time = strtotime('+1000 days');
+ }
 if (version_compare(\PHP_VERSION, '7.3.0') < 0) {
- setcookie('auth-token-secret', $secret, strtotime('+1000 days'), '/', '', false, true);
+ setcookie('auth-token-secret', $secret, $time, '/', '', false, true);
 return;
 }
 setcookie('auth-token-secret', $secret, [
- 'expires' => strtotime('+1000 days'),
+ 'expires' => $time,
 'path' => '/',
 'httponly' => true,
 'samesite' => 'Lax',
diff --git a/client/src/app.js b/client/src/app.js
index 6a00fd1e0e..54cb7a4699 100644
--- a/client/src/app.js
+++ b/client/src/app.js
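Review bot: The secret comparison on the context line just above the changed call, `$sentSecret === $authToken->get('secret')`, is a plain string equality on a credential; `hash_equals($authToken->get('secret'), (string) $sentSecret)` is the constant-time form and also copes with the cookie being absent. The new `$this->setSecretInCookie(null)` does give the deletion cookie the same path, httponly and samesite attributes as the one that was set, which the old one-line `setcookie` did not. The enclosing method starts and ends outside the hunk.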
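Review bot: Neither branch marks the auth-token-secret cookie as Secure — the legacy call passes `false` for the secure argument and the options array has no `'secure'` key — so browsers will also send the secret on plain-HTTP requests. When the request is known to be served over HTTPS, pass `true` there and add `'secure' => true` to the array. `if (!$secret)` additionally treats the string `'0'` as "clear the cookie"; `if ($secret === null || $secret === '')` states the intent, and because `setcookie()` takes a non-nullable string value, passing `$secret ?? ''` avoids the null-to-string deprecation PHP 8.1 introduced for internal functions. The closing lines of setSecretInCookie are outside the hunk.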
@@ -551,13 +551,13 @@ define(
 setCookieAuth: function (username, token) {
 var date = new Date();
 date.setTime(date.getTime() + (1000 * 24*60*60*1000));
- document.cookie = 'auth-username='+username+'; expires='+date.toGMTString()+'; path=/';
- document.cookie = 'auth-token='+token+'; expires='+date.toGMTString()+'; path=/';
+ document.cookie = 'auth-username='+username+'; SameSite=Lax; expires='+date.toGMTString()+'; path=/';
+ document.cookie = 'auth-token='+token+'; SameSite=Lax; expires='+date.toGMTString()+'; path=/';
 },
 unsetCookieAuth: function () {
- document.cookie = 'auth-username' + '=; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/';
- document.cookie = 'auth-token' + '=; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/';
+ document.cookie = 'auth-username' + '=; SameSite=Lax; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/';
+ document.cookie = 'auth-token' + '=; SameSite=Lax; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/';
 },
 initUserData: function (options, callback) {
@@ -671,7 +671,7 @@ define(
 if (self.auth) {
 self.logout();
 } else {
- Espo.Ui.error(self.language.translate('Auth error'));
+ console.error('Error 401: Unauthorized.');
 }
 }
 break;
diff --git a/client/src/views/main.js b/client/src/views/main.js
index 35e1797654..8eebd28486 100644
--- a/client/src/views/main.js
+++ b/client/src/views/main.js
@@ -199,7 +199,7 @@ define('views/main', 'view', function (Dep) {
 var type = false;
 ['actions', 'dropdown', 'buttons'].forEach(function (t) {
- this.menu[t].forEach(function (item, i) {
+ (this.menu[t] || []).forEach(function (item, i) {
 item = item || {};
 if (item.name == name) {
 index = i;
@@ -244,7 +244,7 @@ define('views/main', 'view', function (Dep) {
 hideHeaderActionItem: function (name) {
 ['actions', 'dropdown', 'buttons'].forEach(function (t) {
- this.menu[t].forEach(function (item, i) {
+ (this.menu[t] || []).forEach(function (item, i) {
 item = item || {};
 if (item.name == name) {
 item.hidden = true;
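Review bot: The auth-token cookie written on the changed lines carries no Secure attribute, so it is also sent on plain-HTTP requests; computing `var secure = location.protocol === 'https:' ? '; Secure' : '';` once and appending `secure` to each of the four cookie strings (the two in unsetCookieAuth as well) keeps it off cleartext connections. A cookie set from script is necessarily readable by script, so it cannot be HttpOnly — a short comment stating that `auth-token` is intentionally script-visible would save the next reader from checking. `date.toGMTString()` is a legacy alias; `toUTCString()` is the standard name.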
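Review bot: Replacing the translated UI error with `console.error('Error 401: Unauthorized.')` removes all user-visible feedback in the not-authenticated branch; if that is deliberate because a 401 is expected while logged out, a comment such as `// Not authenticated yet: a 401 is expected here, so only log it.` would record the reason for the next reader. The enclosing block (the trailing `break;` suggests a switch) starts outside the hunk.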
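Review bot: `(this.menu[t] || [])` guards against a missing action group but not against `this.menu` itself being undefined; if the menu can be absent as a whole, `((this.menu || {})[t] || [])` covers both cases — I cannot tell from the hunk whether `this.menu` is always initialized. The same guard is added in the hunks at lines 244, 260 and 276 (the last one on `this.menu.dropdown`), so the same question applies there. On the context line, `item.name == name` would be safer as a strict `===` to avoid type coercion. The enclosing callbacks end outside the hunk.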
@@ -260,7 +260,7 @@ define('views/main', 'view', function (Dep) {
 showHeaderActionItem: function (name) {
 ['actions', 'dropdown', 'buttons'].forEach(function (t) {
- this.menu[t].forEach(function (item, i) {
+ (this.menu[t] || []).forEach(function (item, i) {
 item = item || {};
 if (item.name == name) {
 item.hidden = false;
@@ -276,7 +276,7 @@ define('views/main', 'view', function (Dep) {
 hasMenuVisibleDropdownItems: function () {
 var hasItems = false;
- this.menu.dropdown.forEach(function (item) {
+ (this.menu.dropdown || []).forEach(function (item) {
 if (!item.hidden) hasItems = true;
 });
 return hasItems;
diff --git a/package.json b/package.json
index 147aef0096..12517e6a2e 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "espocrm",
- "version": "5.9.3",
+ "version": "5.9.4",
 "description": "",
 "main": "index.php",
 "repository": {