diff --git a/internal/api/v1/auth/oidc.go b/internal/api/v1/auth/oidc.go
index e22904c..d56cb50 100644
--- a/internal/api/v1/auth/oidc.go
+++ b/internal/api/v1/auth/oidc.go
@@ -162,7 +162,7 @@ func (auth *OIDCProvider) RedirectLoginPage(w http.ResponseWriter, r *http.Reque
 MaxAge: 300,
 HttpOnly: true,
 SameSite: http.SameSiteLaxMode,
- Secure: true,
+ Secure: r.TLS != nil,
 Path: "/",
 })
diff --git a/internal/api/v1/auth/utils.go b/internal/api/v1/auth/utils.go
index 91eec3e..bd7f9a8 100644
--- a/internal/api/v1/auth/utils.go
+++ b/internal/api/v1/auth/utils.go
@@ -43,7 +43,7 @@ func setTokenCookie(w http.ResponseWriter, r *http.Request, name, value string,
 MaxAge: int(ttl.Seconds()),
 Domain: cookieFQDN(r),
 HttpOnly: true,
- Secure: true,
+ Secure: r.TLS != nil,
 SameSite: http.SameSiteLaxMode,
 Path: "/",
 })
@@ -56,7 +56,6 @@ func clearTokenCookie(w http.ResponseWriter, r *http.Request, name string) {
 MaxAge: -1,
 Domain: cookieFQDN(r),
 HttpOnly: true,
- Secure: true,
 SameSite: http.SameSiteLaxMode,
 Path: "/",
 })
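Review bot: `Secure: r.TLS != nil` in RedirectLoginPage makes the cookie's Secure attribute depend on whether this process terminated TLS for the request, so any request that reaches it over plain HTTP (directly, or presumably from a TLS-terminating proxy in front) gets a cookie the browser will also send in cleartext. The same expression is added in setTokenCookie in utils.go, where the value appears to be the auth token and the cookie is scoped by `Domain: cookieFQDN(r)`, so the exposure matters more there than for this short-lived (`MaxAge: 300`) cookie. If plain-HTTP deployments have to be supported, an explicit opt-in setting would be safer than inferring it per request, and one shared helper for the decision would keep the three cookie writers from drifting apart. At minimum, document the trade-off at each site, for example `// Secure only when this server terminated TLS; on plain HTTP the cookie travels in cleartext`. Both struct literals sit in functions whose bodies start and end outside the hunks.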