diff --git a/docker/.env.example b/docker/.env.example
index b6cc050b0..dab25248a 100644
--- a/docker/.env.example
+++ b/docker/.env.example
@@ -99,6 +99,7 @@ JWT_TOKEN_EXPIRY_IN_MINUTES=360
 JWT_REFRESH_TOKEN_EXPIRY_IN_MINUTES=43200
 # EXPIRE_AUTH_TOKENS_ON_RESTART=true # (if you need to expire all tokens on app restart)
 # EXPRESS_SESSION_SECRET=flowise
+# SECURE_COOKIES=
 # INVITE_TOKEN_EXPIRY_IN_HOURS=24
 # PASSWORD_RESET_TOKEN_EXPIRY_IN_MINS=15
diff --git a/docker/docker-compose-queue-prebuilt.yml b/docker/docker-compose-queue-prebuilt.yml
index 51a18e96d..0063eeb1f 100644
--- a/docker/docker-compose-queue-prebuilt.yml
+++ b/docker/docker-compose-queue-prebuilt.yml
@@ -89,6 +89,7 @@ services:
 - PASSWORD_RESET_TOKEN_EXPIRY_IN_MINS=${PASSWORD_RESET_TOKEN_EXPIRY_IN_MINS}
 - PASSWORD_SALT_HASH_ROUNDS=${PASSWORD_SALT_HASH_ROUNDS}
 - TOKEN_HASH_SECRET=${TOKEN_HASH_SECRET}
+ - SECURE_COOKIES=${SECURE_COOKIES}
 # EMAIL
 - SMTP_HOST=${SMTP_HOST}
@@ -232,6 +233,7 @@ services:
 - PASSWORD_RESET_TOKEN_EXPIRY_IN_MINS=${PASSWORD_RESET_TOKEN_EXPIRY_IN_MINS}
 - PASSWORD_SALT_HASH_ROUNDS=${PASSWORD_SALT_HASH_ROUNDS}
 - TOKEN_HASH_SECRET=${TOKEN_HASH_SECRET}
+ - SECURE_COOKIES=${SECURE_COOKIES}
 # EMAIL
 - SMTP_HOST=${SMTP_HOST}
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index 54bcac359..f66d7106d 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -74,6 +74,7 @@ services:
 - PASSWORD_RESET_TOKEN_EXPIRY_IN_MINS=${PASSWORD_RESET_TOKEN_EXPIRY_IN_MINS}
 - PASSWORD_SALT_HASH_ROUNDS=${PASSWORD_SALT_HASH_ROUNDS}
 - TOKEN_HASH_SECRET=${TOKEN_HASH_SECRET}
+ - SECURE_COOKIES=${SECURE_COOKIES}
 # EMAIL
 - SMTP_HOST=${SMTP_HOST}
diff --git a/docker/worker/.env.example b/docker/worker/.env.example
index 6c2ce8c52..769286dff 100644
--- a/docker/worker/.env.example
+++ b/docker/worker/.env.example
@@ -99,6 +99,7 @@ JWT_TOKEN_EXPIRY_IN_MINUTES=360
 JWT_REFRESH_TOKEN_EXPIRY_IN_MINUTES=43200
 # EXPIRE_AUTH_TOKENS_ON_RESTART=true # (if you need to expire all tokens on app restart)
 # EXPRESS_SESSION_SECRET=flowise
+# SECURE_COOKIES=
 # INVITE_TOKEN_EXPIRY_IN_HOURS=24
 # PASSWORD_RESET_TOKEN_EXPIRY_IN_MINS=15
diff --git a/docker/worker/docker-compose.yml b/docker/worker/docker-compose.yml
index 71de912a7..952dc04cd 100644
--- a/docker/worker/docker-compose.yml
+++ b/docker/worker/docker-compose.yml
@@ -74,6 +74,7 @@ services:
 - PASSWORD_RESET_TOKEN_EXPIRY_IN_MINS=${PASSWORD_RESET_TOKEN_EXPIRY_IN_MINS}
 - PASSWORD_SALT_HASH_ROUNDS=${PASSWORD_SALT_HASH_ROUNDS}
 - TOKEN_HASH_SECRET=${TOKEN_HASH_SECRET}
+ - SECURE_COOKIES=${SECURE_COOKIES}
 # EMAIL
 - SMTP_HOST=${SMTP_HOST}
diff --git a/packages/server/.env.example b/packages/server/.env.example
index f8ba1c485..219a17d1d 100644
--- a/packages/server/.env.example
+++ b/packages/server/.env.example
@@ -99,6 +99,7 @@ JWT_TOKEN_EXPIRY_IN_MINUTES=360
 JWT_REFRESH_TOKEN_EXPIRY_IN_MINUTES=43200
 # EXPIRE_AUTH_TOKENS_ON_RESTART=true # (if you need to expire all tokens on app restart)
 # EXPRESS_SESSION_SECRET=flowise
+# SECURE_COOKIES=
 # INVITE_TOKEN_EXPIRY_IN_HOURS=24
 # PASSWORD_RESET_TOKEN_EXPIRY_IN_MINS=15
diff --git a/packages/server/src/enterprise/middleware/passport/index.ts b/packages/server/src/enterprise/middleware/passport/index.ts
index 5cbf0b16b..8cb0f594a 100644
--- a/packages/server/src/enterprise/middleware/passport/index.ts
+++ b/packages/server/src/enterprise/middleware/passport/index.ts
@@ -33,7 +33,16 @@ const expireAuthTokensOnRestart = process.env.EXPIRE_AUTH_TOKENS_ON_RESTART ===
 const jwtAuthTokenSecret = process.env.JWT_AUTH_TOKEN_SECRET || 'auth_token'
 const jwtRefreshSecret = process.env.JWT_REFRESH_TOKEN_SECRET || process.env.JWT_AUTH_TOKEN_SECRET || 'refresh_token'
-const secureCookie = process.env.APP_URL?.startsWith('https') ? true : false
+// Allow explicit override of cookie security settings
+// This is useful when running behind a reverse proxy/load balancer that terminates SSL
+const secureCookie =
+ process.env.SECURE_COOKIES === 'false'
+ ? false
+ : process.env.SECURE_COOKIES === 'true'
+ ? true
+ : process.env.APP_URL?.startsWith('https')
+ ? true
+ : false
 const jwtOptions = {
 secretOrKey: jwtAuthTokenSecret,
 audience: jwtAudience,
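Review bot: The new override is an exact-string match, so any value other than the lowercase literals `'true'`/`'false'` (e.g. `SECURE_COOKIES=True`, `1`, `0`, or a value carrying trailing whitespace from a .env file) is silently ignored and the APP_URL heuristic decides instead, which is hard to diagnose when an operator believes they have forced the Secure flag on. Normalizing the variable once and reporting an unrecognized value keeps the same contract for the two literals and for the empty value the `.env.example` files add (`# SECURE_COOKIES=`), while surfacing misconfiguration at startup; the rewrite below also replaces the nested `? true : false` chain with an explicit boolean, and `console.warn` should be swapped for the server's logger if one is in scope in this file. If `secureCookie` feeds express-session's `cookie.secure` (its use is outside this hunk), `SECURE_COOKIES=true` behind a TLS-terminating proxy additionally needs Express's `trust proxy` setting or the session cookie is never issued on the plain-HTTP upstream hop, which is worth stating in the comment and next to the new `.env.example` entries. The `jwtOptions` object begun on the hunk's last lines continues past it.
```typescript
// Allow explicit override of cookie security settings
// This is useful when running behind a reverse proxy/load balancer that terminates SSL
// Accepted values are 'true' / 'false' (case-insensitive, surrounding whitespace ignored);
// empty or unset falls back to the APP_URL scheme, anything else is reported and also falls back
const secureCookiesOverride = process.env.SECURE_COOKIES?.trim().toLowerCase() ?? ''
if (secureCookiesOverride !== '' && secureCookiesOverride !== 'true' && secureCookiesOverride !== 'false') {
    console.warn(`SECURE_COOKIES="${process.env.SECURE_COOKIES}" is not "true" or "false"; falling back to the APP_URL scheme`)
}
const secureCookie =
    secureCookiesOverride === 'true' || secureCookiesOverride === 'false'
        ? secureCookiesOverride === 'true'
        : process.env.APP_URL?.startsWith('https') === true
// … unchanged: jwtOptions …
```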