@tredstone I recommend to keep the cookies secure to false only for development mode. For production, you should have an SSL certificate and make cookies secure. You can get a free SSL certificate using letsencrypt.org (so I have heard)