diff --git a/.env b/.env
index 5a16080..fed0573 100644
--- a/.env
+++ b/.env
@@ -3,3 +3,7 @@ P_DBPATH="db.sqlite3"
 P_LOGLEVEL="debug"
 P_ENABLEGINLOGGER="true"
 P_PRODUCTION="false"
+
+# Disabled for development
+# (not recommended for production environments)
+P_SECURECOOKIE="false"
diff --git a/config/main.go b/config/main.go
index 82e6189..48615c4 100644
--- a/config/main.go
+++ b/config/main.go
@@ -15,6 +15,8 @@ type Config struct {
 HeaderAuth bool `default:"false"`
 DefaultUsername string
 DefaultPassword string
+ // Controls the "secure" option for a token cookie.
+ SecureCookie bool `default:"true"`
 }
 func GetConfig() (*Config, error) {
diff --git a/readme.md b/readme.md
index c24f635..2351175 100644
--- a/readme.md
+++ b/readme.md
@@ -24,6 +24,7 @@ Service settings can be set through environment variables.
 | P_HEADERAUTH | Enable Trusted Header Auth (SSO) | `false` |
 | P_DEFAULTUSERNAME | Data for the first user. | |
 | P_DEFAULTPASSWORD | Data for the first user. | |
+| P_SECURECOOKIE | Controls the "secure" option for a token cookie. | `true` |
 ## Docker-compose example
 ```yml
diff --git a/views/auth.go b/views/auth.go
index e10ab21..f536f06 100644
--- a/views/auth.go
+++ b/views/auth.go
@@ -79,7 +79,7 @@ func AuthMiddleware(c *gin.Context, db *gorm.DB, cfg *config.Config) {
 ShowError(c, err)
 return
 }
- SetTokenCookie(c, token)
+ SetTokenCookie(c, token, cfg)
 return
 }
@@ -99,7 +99,7 @@ func AuthMiddleware(c *gin.Context, db *gorm.DB, cfg *config.Config) {
 ShowError(c, err)
 return
 }
- SetTokenCookie(c, newToken)
+ SetTokenCookie(c, newToken, cfg)
 }
 }
@@ -132,7 +132,7 @@ func CreateUser(c *gin.Context, db *gorm.DB, cfg *config.Config) {
 ShowError(c, err)
 return
 }
- SetTokenCookie(c, token)
+ SetTokenCookie(c, token, cfg)
 // Redirect to homepage.
 c.Redirect(http.StatusFound, "/")
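Review bot: The new `SecureCookie` field's comment in config/main.go does not say what the flag protects or when it is acceptable to turn it off, and nothing stops `P_SECURECOOKIE="false"` (the value the committed .env now sets) from reaching a production deployment even though `P_PRODUCTION` sits right next to it. I'd extend the field comment to `// SecureCookie sets the Secure attribute on the "phoenix-token" cookie so browsers only send it over HTTPS; default true, disable only for local plain-HTTP development.` and, in GetConfig (its body is outside this hunk), log a warning when SecureCookie is false, or return an error when the production setting is also on, assuming Config carries the P_PRODUCTION value. The comment should also state that behind a TLS-terminating reverse proxy the flag must stay true, because Secure is evaluated against the scheme the browser used, not the one the service listens on.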
@@ -154,13 +154,13 @@ func AuthorizeUser(c *gin.Context, db *gorm.DB, cfg *config.Config) {
 ShowError(c, err)
 return
 }
- SetTokenCookie(c, token)
+ SetTokenCookie(c, token, cfg)
 // Redirect to homepage.
 c.Redirect(http.StatusFound, "/")
 }
-// Save token for one day in cookies
-func SetTokenCookie(c *gin.Context, token string) {
- c.SetCookie("phoenix-token", token, TOKEN_LIFETIME_IN_SECONDS, "/", "", false, true)
+// Save token in cookies
+func SetTokenCookie(c *gin.Context, token string, cfg *config.Config) {
+ c.SetCookie("phoenix-token", token, TOKEN_LIFETIME_IN_SECONDS, "/", "", cfg.SecureCookie, true)
 }
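Review bot: The rewritten doc comment `// Save token in cookies` on SetTokenCookie drops the lifetime the old comment stated and says nothing about the cookie attributes the call fixes, which is exactly what a maintainer needs before touching this line. I'd write `// SetTokenCookie stores the session token in the "phoenix-token" cookie for TOKEN_LIFETIME_IN_SECONDS, always HttpOnly, with the Secure attribute taken from cfg.SecureCookie so the token travels only over HTTPS unless P_SECURECOOKIE is false.` The call still leaves the cookie's SameSite attribute at gin's default (c.SetCookie reads it from the context, set via c.SetSameSite), so adding `c.SetSameSite(http.SameSiteLaxMode)` before the c.SetCookie line would give the session cookie a CSRF baseline that does not depend on deployment configuration; confirm first that the trusted-header SSO flow does not rely on cross-site navigations carrying the cookie. AuthorizeUser's body begins outside the hunk.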