diff --git a/app/__init__.py b/app/__init__.py
index 3a1f54fc14b5e002a08fc4a31be30f8a502f0bd8..cdb6f90b05b3abc3cd0150efaae61c9b77508f3e 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -2,6 +2,7 @@ from config import config
 from flask import Flask
 from flask_login import LoginManager
 from flask_mail import Mail
+from flask_paranoid import Paranoid
 from flask_socketio import SocketIO
 from flask_sqlalchemy import SQLAlchemy
 import logging
@@ -12,6 +13,8 @@ logger = logging.getLogger(__name__)
 login_manager = LoginManager()
 login_manager.login_view = 'auth.login'
 mail = Mail()
+paranoid = Paranoid()
+paranoid.redirect_view = '/'
 socketio = SocketIO()
 
 
@@ -23,6 +26,7 @@ def create_app(config_name):
     db.init_app(app)
     login_manager.init_app(app)
     mail.init_app(app)
+    paranoid.init_app(app)
     socketio.init_app(app, message_queue='redis://redis:6379/')
 
     from . import events
diff --git a/config.py b/config.py
index 5b46863a7de37803dd42cc3cecfd0679997dbbf1..07b748c6a76e1969ffe6a2dd8bdd9ccfa19a67db 100644
--- a/config.py
+++ b/config.py
@@ -6,6 +6,11 @@ import logging
 class Config:
     ''' ### Flask ### '''
     SECRET_KEY = os.environ.get('SECRET_KEY') or 'hard to guess string'
+    SESSION_COOKIE_SECURE = True
+
+    ''' ### Flask-Login ### '''
+    REMEMBER_COOKIE_HTTPONLY = True
+    REMEMBER_COOKIE_SECURE = True
 
     ''' ### Flask-Mail ### '''
     MAIL_SERVER = os.environ.get('MAIL_SERVER')
diff --git a/docker-compose.yml b/docker-compose.yml
index 126d78d03bdfb6d9744928839ef127c73a282b36..c1b4ea09115cae162a860b2529065231bc6e7a2a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -27,17 +27,16 @@ services:
       - "traefik.http.routers.nopaque.rule=Host(`nopaque.localhost`)"  # Change this to match your nopaque domain
       ### </http> ###
       ### <https> ###
-      - "traefik.http.middlewares.nopaquesecure-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
-      - "traefik.http.routers.nopaquesecure.entrypoints=websecure"
-      - "traefik.http.routers.nopaquesecure.middlewares=nopaquesecure-headers"
-      - "traefik.http.routers.nopaquesecure.rule=Host(`nopaque.localhost`)"  # Change this to match your nopaque domain
-      - "traefik.http.routers.nopaquesecure.tls=true"
+      - "traefik.http.middlewares.nopaque-secure-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
+      - "traefik.http.routers.nopaque-secure.entrypoints=web-secure"
+      - "traefik.http.routers.nopaque-secure.middlewares=nopaque-secure-headers"
+      - "traefik.http.routers.nopaque-secure.rule=Host(`nopaque.localhost`)"  # Change this to match your nopaque domain
+      - "traefik.http.routers.nopaque-secure.tls=true"
       ### </https> ###
       ### <basicauth help="https://docs.traefik.io/middlewares/basicauth/"> ###
       # - "traefik.http.middlewares.nopaque-basicauth.basicauth.users=name:hashed-password"
       # - "traefik.http.routers.nopaque.middlewares=nopaque-basicauth, nopaque-headers, nopaque-redirectscheme"
-      # - "traefik.http.middlewares.nopaquesecure-basicauth.basicauth.users=name:hashed-password"
-      # - "traefik.http.routers.nopaquesecure.middlewares=nopaquesecure-basicauth, nopaquesecure-headers"
+      # - "traefik.http.routers.nopaque-secure.middlewares=nopaque-basicauth, nopaquesecure-headers"
       ### </basicauth> ###
     networks:
       - default
diff --git a/requirements.txt b/requirements.txt
index d5d9f24da8dde779f653d9f8122ff9c2587afd46..c916b22ba87359b7f9f66fed990dd2e1d301ffe9 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -5,6 +5,7 @@ Flask
 Flask-Login
 Flask-Mail
 Flask-Migrate
+Flask-Paranoid
 Flask-SocketIO
 Flask-SQLAlchemy
 Flask-Table