diff --git a/lib/app.js b/lib/app.js
index 9c273a57..ab9b6b96 100644
--- a/lib/app.js
+++ b/lib/app.js
@@ -251,7 +251,6 @@ app.connect = function (callback) {
   app.use(cookieSession({
     keys: ['jsbin'],
     cookie: {
-      secure: false, // allows cookie to be exchanged across http + https on purpose
       maxAge: 365 * 24 * 60 * 60 * 1000,
       // the domain must contain a dot and should not have a port
       domain: app.get('url host').indexOf('.') === -1 ? undefined : '.' + app.get('url host').replace(/:\d+$/, '')