Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

<@U04UQ68083H> How do I host session cookies on both HTTP and HTTPS domains?

I'm sorry, but based on the provided knowledge sources, it's not recommended or possible to host session cookies on both HTTP and HTTPS domains using Ory. Ory Kratos' cookies are only sent over HTTPS unless `--dev` is set. This is a security measure to ensure the integrity and confidentiality of the session cookies.   Here is the relevant extract from the knowledge sources: "Unless `--dev` is set, Ory Kratos' cookies are only sent over HTTPS." [source](<https://www.ory.sh/docs/kratos/guides/configuring-cookies>)  If you want to work with cookies in a development environment, you might consider using the `--dev` flag. However, for production environments, it's crucial to use HTTPS to ensure the security of your user's data.