diff --git a/src/backend/server/src/Todo.Api/Startup.cs b/src/backend/server/src/Todo.Api/Startup.cs index 5e3f512..563b976 100644 --- a/src/backend/server/src/Todo.Api/Startup.cs +++ b/src/backend/server/src/Todo.Api/Startup.cs @@ -65,7 +65,7 @@ namespace Todo.Api app.UseRouting(); app.UseCors(); - + app.UseInfrastructure(); app.UseAuthentication(); app.UseAuthorization(); diff --git a/src/backend/server/src/Todo.Infrastructure/DependencyInjection.cs b/src/backend/server/src/Todo.Infrastructure/DependencyInjection.cs index faef2f2..aa5f607 100644 --- a/src/backend/server/src/Todo.Infrastructure/DependencyInjection.cs +++ b/src/backend/server/src/Todo.Infrastructure/DependencyInjection.cs @@ -1,5 +1,6 @@ using System.ComponentModel.DataAnnotations; using Microsoft.AspNetCore.Builder; +using Microsoft.AspNetCore.Http; using Microsoft.Extensions.Configuration; using Microsoft.Extensions.DependencyInjection; using Microsoft.IdentityModel.Protocols.OpenIdConnect; @@ -19,6 +20,7 @@ public static class DependencyInjection .Bind(giteaOptions) .ValidateDataAnnotations(); + return services.AddAuthentication(options => { options.DefaultScheme = "Cookies"; @@ -36,7 +38,11 @@ public static class DependencyInjection }).Services; } - public static IApplicationBuilder UseInfrastructure(this IApplicationBuilder app) => app; + public static IApplicationBuilder UseInfrastructure(this IApplicationBuilder app) => app.UseCookiePolicy( + new CookiePolicyOptions + { + Secure = CookieSecurePolicy.Always + }); } public class GiteaAuthOptions
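Review bot: The `CookiePolicyOptions` passed to `UseCookiePolicy` in `UseInfrastructure` sets only `Secure`, so `HttpOnly` stays at its default `HttpOnlyPolicy.None` and the policy does not stop other code from issuing a script-readable cookie. If no cookie in this app has to be read from JavaScript, add `HttpOnly = HttpOnlyPolicy.Always,` (needs `using Microsoft.AspNetCore.CookiePolicy;`). With `CookieSecurePolicy.Always` every cookie is marked Secure regardless of the request scheme, so a client that reaches the app over plain HTTP (for example a non-HTTPS development setup) will generally not send the session cookie back; nothing in the visible hunks shows HTTPS redirection, so that path is worth confirming. The policy only applies to cookies appended by middleware that runs after it, which the Startup.cs hunk satisfies by calling `UseInfrastructure()` before `UseAuthentication()`; a comment on the method such as `// Must run before UseAuthentication so auth cookies pass through the cookie policy.` would keep that ordering from being lost. The enclosing `DependencyInjection` class starts outside this hunk.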