right.. so in your backend, when you call the init function, please set the cookieSecure attribute to false