Environment configuration for HTTPS only cookie

config/session.php

@@ -161,7 +161,7 @@ return [
     |
     */
 
-    'secure' => false,
+    'secure' => env('SESSION_SECURE_COOKIE', false),
 
     /*
     |--------------------------------------------------------------------------