app.py

@@ -107,6 +107,7 @@ SESSION_COOKIE_SECURE = app.config.get("SESSION_COOKIE_SECURE")
 
 app.config["COMPRESS_ALGORITHM"] = ["zstd", "br", "gzip", "deflate"]
 app.config["PERMANENT_SESSION_LIFETIME"] = timedelta(minutes=SESSION_TIMEOUT_MINUTES)
+app.config["SESSION_COOKIE_SECURE"] = bool(app.config.get("SESSION_COOKIE_SECURE", False))
 
 app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1, x_host=1)
 DEBUG_MODE = app.config.get("DEBUG_MODE", False)
@@ -1125,7 +1126,7 @@ def system_auth():
                 "authorized",
                 AUTHORIZED_COOKIE_VALUE,
                 max_age=max_age,
-                secure=request.is_secure,
+                secure=app.config["SESSION_COOKIE_SECURE"],
             )
             return resp
         else: