@User yup. COOKIE_SECURE=true means that the cookies will only be send to your nodejs APIs when you are using https. If not using https, no session cookies will go through resulting in session timeout