Secure Cookies not working, despite successful HTTPS connection

Hi :)

I am trying to debug my express server. I have a reverse proxy set up with NGINX and Let’s Encrypt. I am able to successfully connect using HTTPS. I get the green lock and it says ‘Connection secure’.

I am using session-based auth with express-sessions. My cookies work perfectly when the secure flag is not set. The moment I set secure to true my cookies gets rejected. Not sure why this is, I have trust-proxy set up and my connection is secure. Any ideas?

Here is a sample of the logs I am getting: “Some cookies are misusing the recommended “SameSite“ attribute” “Cookie “sid” has been rejected because it is already expired.”

And here is my cookie setup:

if (process.env.NODE_ENV === "production") {
  app.set('trust proxy', 1)
}

app.use(
  session({
    name: "sid",
    resave: false,
    saveUninitialized: false,
    secret: process.env.SESSION_SECRET,
    cookie: {
      domain: process.env.BASE_URL,
      path: "/",
      sameSite: "strict",
      secure: process.env.NODE_ENV === "production" ? true : false,
      maxAge: 1000 * 60 * 60 * 2, // 2 hours
    },
    store: MongoStore.create({
      client: db.getClient(),
      ttl: 60 * 60 * 2, // 2 hours, in seconds
      touchAfter: 24 * 3600, // time period in seconds
      crypto: {
        secret: process.env.STORE_SECRET,
      },
    }),
  })
);

Like I mentioned, no logs or errors once I take out secure (i.e. if I don’t see my NODE_ENV to “production”)

Thank you in advance.