diff --git a/_examples/auth/auth/auth.yml b/_examples/auth/auth/auth.yml
index e324132f..9cfed272 100644
--- a/_examples/auth/auth/auth.yml
+++ b/_examples/auth/auth/auth.yml
@@ -3,6 +3,7 @@ Headers: # required.
 - "X-Authorization"
 Cookie: # optional.
 Name: "iris_auth_cookie"
+ Secure: false
 Hash: "D*G-KaPdSgUkXp2s5v8y/B?E(H+MbQeThWmYq3t6w9z$C&F)J@NcRfUjXn2r4u7x" # length of 64 characters (512-bit).
 Block: "VkYp3s6v9y$B&E)H@McQfTjWmZq4t7w!" # length of 32 characters (256-bit).
 Keys:
diff --git a/_examples/mvc/websocket-auth/auth.yml b/_examples/mvc/websocket-auth/auth.yml
index e324132f..9cfed272 100644
--- a/_examples/mvc/websocket-auth/auth.yml
+++ b/_examples/mvc/websocket-auth/auth.yml
@@ -3,6 +3,7 @@ Headers: # required.
 - "X-Authorization"
 Cookie: # optional.
 Name: "iris_auth_cookie"
+ Secure: false
 Hash: "D*G-KaPdSgUkXp2s5v8y/B?E(H+MbQeThWmYq3t6w9z$C&F)J@NcRfUjXn2r4u7x" # length of 64 characters (512-bit).
 Block: "VkYp3s6v9y$B&E)H@McQfTjWmZq4t7w!" # length of 32 characters (256-bit).
 Keys:
diff --git a/auth/auth.go b/auth/auth.go
index 3e8d405d..de413b5a 100644
--- a/auth/auth.go
+++ b/auth/auth.go
@@ -526,7 +526,7 @@ func (s *Auth[T]) trySetCookie(ctx *context.Context, accessToken string) {
 Name: cookieName,
 Value: url.QueryEscape(accessToken),
 HttpOnly: true,
- Secure: ctx.IsSSL(),
+ Secure: s.config.Cookie.Secure || ctx.IsSSL(),
 Domain: ctx.Domain(),
 SameSite: http.SameSiteLaxMode,
 Expires: time.Now().Add(maxAge),
diff --git a/auth/configuration.go b/auth/configuration.go
index c5200541..eb81ea47 100644
--- a/auth/configuration.go
+++ b/auth/configuration.go
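Review bot: The added `Secure: false` in the Cookie block is the only key in this example without an explanatory trailing comment, unlike `Cookie: # optional.` beside it, so an uncommented `false` reads as if the example deliberately opts out of Secure cookies. Suggest `Secure: false # optional. Forces the Secure attribute; the cookie is marked Secure anyway when the request itself is served over TLS.`, which matches the `s.config.Cookie.Secure || ctx.IsSSL()` logic introduced in auth/auth.go by this same change. The same applies to the identical hunk in _examples/mvc/websocket-auth/auth.yml.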
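Review bot: The changed `Secure:` line carries no comment saying why a configured flag is OR-ed with `ctx.IsSSL()`, and the motivating deployment (the application receives plain HTTP while the browser speaks HTTPS, presumably a TLS-terminating proxy that `IsSSL()` cannot see through — worth confirming against its implementation) is not stated anywhere in the hunk. Suggest `// Config may force Secure (e.g. TLS terminated upstream); IsSSL() still sets it for direct TLS requests.` above the field. With the OR there is no configuration that clears Secure on a TLS request, which is the safe direction and should be documented as intended rather than left implicit. The body of trySetCookie begins and ends outside the hunk.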
@@ -45,6 +45,12 @@ type (
 CookieConfiguration struct {
 // Name defines the cookie's name.
 Name string `json:"cookie" yaml:"Name" toml:"Name" ini:"name"`
+ // Secure if true then "; Secure" is appended to the Set-Cookie header.
+ // By setting the secure to true, the web browser will prevent the
+ // transmission of a cookie over an unencrypted channel.
+ //
+ // Defaults to false but it's true when the request is under iris.Context.IsSSL().
+ Secure bool `json:"secure" yaml:"Secure" toml:"Secure" ini:"secure"`
 // Hash is optional, it is used to authenticate cookie value using HMAC.
 // It is recommended to use a key with 32 or 64 bytes.
 Hash string `json:"hash" yaml:"Hash" toml:"Hash" ini:"hash"`
@@ -104,9 +110,10 @@ func (c *Configuration) BindRandom() error {
 "X-Authorization",
 },
 Cookie: CookieConfiguration{
- Name: "iris_auth_cookie",
- Hash: string(securecookie.GenerateRandomKey(64)),
- Block: string(securecookie.GenerateRandomKey(32)),
+ Name: "iris_auth_cookie",
+ Secure: false,
+ Hash: string(securecookie.GenerateRandomKey(64)),
+ Block: string(securecookie.GenerateRandomKey(32)),
 },
 Keys: jwt.KeysConfiguration{
 {
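Review bot: The new doc comment on `Secure` is awkwardly phrased ("By setting the secure to true, the web browser will prevent ...") and its final sentence, "Defaults to false but it's true when the request is under iris.Context.IsSSL()", describes the effective cookie attribute computed in auth/auth.go (`s.config.Cookie.Secure || ctx.IsSSL()`), not a default of this field, so a reader may think the field's own value changes at runtime. Suggest rewording to `// Secure, if true, adds the "; Secure" attribute to the Set-Cookie header so the browser never sends the cookie over an unencrypted channel.` followed by `// The zero value is false; the cookie is still marked Secure automatically when the request itself is served over TLS (see trySetCookie).` The enclosing `type (` block starts before the hunk and continues after it.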