The Secure flag was tied to NODE_ENV=production, which broke sessions on HTTP staging servers. Using a dedicated COOKIE_SECURE env var allows production-mode Next.js to run over HTTP for staging while still enabling Secure cookies in production (HTTPS). Made-with: Cursor
616 B
616 B