This should be done in general, but by providing a JWT through a cookie with the `secure` flag, this is required.
This should be done in general, but by providing a JWT through a cookie with the
secureflag, this is required.