reviewed

backend/routes/auth.py

@@ -8,6 +8,7 @@ from sqlalchemy.ext.asyncio import AsyncSession
 from auth import (
     ACCESS_TOKEN_EXPIRE_MINUTES,
     COOKIE_NAME,
+    COOKIE_SECURE,
     get_password_hash,
     get_user_by_email,
     authenticate_user,
@@ -30,7 +31,7 @@ def set_auth_cookie(response: Response, token: str) -> None:
         key=COOKIE_NAME,
         value=token,
         httponly=True,
-        secure=False,  # Set to True in production with HTTPS
+        secure=COOKIE_SECURE,
         samesite="lax",
         max_age=ACCESS_TOKEN_EXPIRE_MINUTES * 60,
     )
@@ -132,4 +133,3 @@ async def get_me(
 ) -> UserResponse:
     """Get the current authenticated user's info."""
     return await build_user_response(current_user, db)
-