diff --git a/.env.example b/.env.example
index e99ee0f..ffa98dd 100644
--- a/.env.example
+++ b/.env.example
@@ -1,2 +1,3 @@
 DATABASE_URL=postgresql://postgres:postgres@localhost:5432/postgres
-SECRET=
\ No newline at end of file
+SECRET=
+ENVIRONMENT=
\ No newline at end of file
diff --git a/src/server/server.ts b/src/server/server.ts
index 0fa76d1..7b1c6ec 100644
--- a/src/server/server.ts
+++ b/src/server/server.ts
@@ -27,7 +27,11 @@ server.set('trust proxy', 1);
 server.use(
 session({
 secret: process.env.SECRET,
- name: 'sessionId'
+ name: 'sessionId',
+ cookie: {
+ secure: process.env.ENVIRONMENT !== 'dev',
+ httpOnly: true
+ }
 })
 );
 server.use(limiter);
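Review bot: The new `cookie` block in the `session({...})` call in src/server/server.ts sets `secure` and `httpOnly` but no `sameSite`, so a browser that does not default to Lax will still attach `sessionId` to cross-site requests. Unless CSRF protection is applied elsewhere in the file (not visible in this hunk), add `sameSite: 'lax'` after `httpOnly: true`. The `secure` expression fails closed, which is the right direction: any value other than the exact string `dev`, including an unset `ENVIRONMENT`, produces a Secure cookie, and the `trust proxy` setting shown in the hunk header lets that work behind a TLS-terminating proxy. Because .env.example leaves `ENVIRONMENT=` blank, a comment above the cookie options such as `// Secure cookie everywhere except ENVIRONMENT=dev (plain-HTTP local runs)` would tell the next reader which value relaxes the flag.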