Fix: Session cookie secure=false for HTTP support

In production with HTTP, secure cookies are rejected by browsers. Allow HTTP until behind proper HTTPS proxy.
2026-02-25 03:48:04 +00:00
parent 0e2cae715a
commit e6ba19fe8e
1 changed files with 1 additions and 1 deletions
--- a/server/index.js
+++ b/server/index.js
@@ -61,7 +61,7 @@ app.use(session({
  resave: false,
  saveUninitialized: false,
  cookie: {
-    secure: process.env.NODE_ENV === 'production',
+    secure: false, // Allow HTTP (set to true only behind HTTPS proxy)
    maxAge: CONFIG.sessionMaxAge
  }
 }));