diff --git a/config.py b/config.py
index ec88ee6..d89dbc9 100644
--- a/config.py
+++ b/config.py
@@ -37,9 +37,9 @@ class Config:
 'pool_timeout': 30,
 }
 # Auth0
- SESSION_COOKIE_SECURE = False
+ SESSION_COOKIE_SECURE = True # depends on is_producction
 SESSION_COOKIE_HTTPONLY = True
- SESSION_COOKIE_SAMESITE = 'None'
+ SESSION_COOKIE_SAMESITE = 'None' # depends on is_producction
 REMEMBER_COOKIE_SECURE = True
 WTF_CSRF_ENABLED = True
 # WTF_CSRF_CHECK_DEFAULT = False # We'll check it manually for API routes
@@ -95,6 +95,7 @@ class DevelopmentConfig(Config):
 DEBUG = True
 MAIL_DEBUG = True
 SESSION_COOKIE_SECURE = False
+ SESSION_COOKIE_SAMESITE = 'Lax' # depends on is_producction
 class ProductionConfig(Config):
 is_production = True
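Review bot: The base `Config` keeps `SESSION_COOKIE_SAMESITE = 'None'` as a hard-coded literal, so any subclass that does not override it (ProductionConfig, as far as the visible lines show) sends the session cookie on cross-site requests and relies on `WTF_CSRF_ENABLED` alone for CSRF defence. The new trailing comment `# depends on is_producction` is misspelled and does not match the code, since nothing in the hunk derives either value from `is_production`; the same comment recurs in the DevelopmentConfig hunk. If cross-site delivery really is needed (possibly for the Auth0 callback, which the hunk does not show), record that instead, e.g. `SESSION_COOKIE_SAMESITE = 'None'  # cross-site callback needs it; only valid with SESSION_COOKIE_SECURE = True`, and otherwise consider `'Lax'` as the base default. The `Config` class body starts and ends outside the hunk.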
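Review bot: `DevelopmentConfig` overrides `SESSION_COOKIE_SECURE` and now `SESSION_COOKIE_SAMESITE`, but `REMEMBER_COOKIE_SECURE = True` still appears to be inherited from `Config` (unless it is overridden above the hunk), so over plain HTTP the remember cookie would be dropped while the session cookie works. Development also runs with `'Lax'` while the base class uses `'None'`, which means cross-site flows are never exercised locally under the cookie policy that production inherits. A comment stating the actual reason would help, for example `# Lax in dev: browsers reject SameSite=None without Secure, and dev runs over HTTP`. The class body starts before the hunk.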