Our load balancer forwards requests to the web servers via port 80 (insecure on the local network)
due to that, the web server + Revive does not automatically know that is should be serving secure links and cookies.
In order to resolve this we had to add a forwarded header to the load balancer that tells the server + Revive code that the connection is secure from the users browser.
search for `function setupConfigVariables` in the code to see what i am talking about, there are many different server settings to allow `$GLOBALS['_MAX']['SSL_REQUEST'] = true;`
Artistan got a reaction from andrewatfornax in Insecure Cookies Warnings - Non-SSL Cookies