Use secure: true on session cookie
Tracking issue for:
https://github.com/FarmasiaVR/farmasia-vr-certificate-backend/security/code-scanning/7