diff --git a/striker-ui-api/src/session.ts b/striker-ui-api/src/session.ts
index 1d9b1133..d127889c 100644
--- a/striker-ui-api/src/session.ts
+++ b/striker-ui-api/src/session.ts
@@ -182,7 +182,11 @@ export class SessionStore extends BaseSessionStore {
 export default (async () =>
 expressSession({
- cookie: { maxAge: DEFAULT_COOKIE_ORIGINAL_MAX_AGE },
+ cookie: {
+ httpOnly: true,
+ maxAge: DEFAULT_COOKIE_ORIGINAL_MAX_AGE,
+ secure: false,
+ },
 genid: ({ path }) => {
 const sid = uuid();
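Review bot: `secure: false` in the new `cookie` object pins the session cookie to be sent over plain HTTP as well as HTTPS, and nothing in the hunk records why that is intended. If the API can be served over TLS, express-session's `secure: 'auto'` sets the flag whenever the connection is secure (with `trust proxy` configured when TLS terminates at a proxy). If plain HTTP is deliberate, a comment such as `// secure stays false while the UI is served over plain HTTP; revisit when TLS is enabled` would keep the next reader from treating it as an oversight. `sameSite` is also not set, so cross-site sending is left to browser defaults; `sameSite: 'lax'` would make it explicit. The `expressSession({ … })` call continues past the end of the hunk, so options set further down are not visible here.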