Auth0 Home Blog Docs

Login in PRODUCTION not working unless I remove = true;

I am deploying Node.js app on Heroku, and I can go to login screen, but after callback, it does not login.

Somehow, I can replicate it by setting NODE_ENV=production

So, I comment out

    if (app.get("env") === "production") {
        // = true; // serve secure cookies, requires https

It now works, but it fear it might be insecure…

The code is here.

Is your Heroku app configured to use HTTPS?
That line will issue a SECURE cookie which will only be sent back over HTTPs. It seems like you app may not be using HTTPs…