diff --git a/backend/.env.template b/backend/.env.template
index 80193c9..3622662 100644
--- a/backend/.env.template
+++ b/backend/.env.template
@@ -10,5 +10,6 @@ OAUTH_REDIRECT_URI=
 AUTH_ST_TTL=300
 AUTH_SESSION_TTL=86400
 AUTH_SERVICES_LOGOUT=http://localhost:5203/api/v1/auth/sso-signout
+AUTH_IS_HTTPS=false
 CORS_ALLOW_ORIGINS=http://localhost:3000
diff --git a/backend/config/config.go b/backend/config/config.go
index aa30c82..d3a21d1 100644
--- a/backend/config/config.go
+++ b/backend/config/config.go
@@ -29,6 +29,7 @@ type AuthConfig struct {
 STTTL int
 SessionTTL int
 Services []string
+ IsHTTPS bool
 }
 type CorsConfig struct {
@@ -84,6 +85,7 @@ func LoadConfig() (*Config, error) {
 STTTL: int(STTTL),
 SessionTTL: int(sessionTTL),
 Services: servicesLogout,
+ IsHTTPS: os.Getenv("AUTH_IS_HTTPS") == "true",
 }
 return &Config{
diff --git a/backend/internal/auth/auth.handler.go b/backend/internal/auth/auth.handler.go
index a800627..64375c0 100644
--- a/backend/internal/auth/auth.handler.go
+++ b/backend/internal/auth/auth.handler.go
@@ -179,7 +179,7 @@ func (h *handlerImpl) VerifyGoogleLogin(c context.Ctx) {
 return
 }
- c.SetCookie("CASTGC", session.Token, h.conf.SessionTTL, "/", "localhost", false, true)
+ c.SetCookie("CASTGC", session.Token, h.conf.SessionTTL, "/", "localhost", h.conf.IsHTTPS, true)
 c.JSON(200, &dto.ServiceTicketToken{
 ServiceTicket: serviceTicket.Token,
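Review bot: In the LoadConfig hunk of backend/config/config.go, `os.Getenv("AUTH_IS_HTTPS") == "true"` fails open: an unset variable, or a value such as `True`, `TRUE` or `1`, quietly becomes false, and the session cookie is then issued without the Secure attribute. Parse the value before the struct literal with `isHTTPS, err := strconv.ParseBool(os.Getenv("AUTH_IS_HTTPS"))` and return the error, which the `(*Config, error)` signature already allows; `strconv` may need importing if the file does not already use it. A missing or misspelled setting then stops startup instead of downgrading the cookie. The new `IsHTTPS` field in the AuthConfig hunk would also benefit from a comment such as `// IsHTTPS sets the Secure attribute on the CASTGC cookie; must be true wherever the service is served over TLS.` LoadConfig starts and ends outside the hunk.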
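Review bot: In the auth.handler.go hunk, the cookie domain in the new `c.SetCookie` call is still the literal `"localhost"`, so on a real HTTPS host the browser will most likely reject the CASTGC cookie because the Domain attribute does not match the serving host. That makes the new Secure switch effective only on a developer machine. Read the domain from configuration alongside the flag, e.g. `c.SetCookie("CASTGC", session.Token, h.conf.SessionTTL, "/", h.conf.CookieDomain, h.conf.IsHTTPS, true)`, where `CookieDomain` is a placeholder name for a new AuthConfig field. This reading assumes the `context.Ctx` wrapper takes its trailing arguments as domain, secure, httpOnly, which the hunk does not show; it is also worth confirming that the wrapper sets a SameSite attribute for this session cookie. VerifyGoogleLogin starts and ends outside the hunk.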