fix: enforce secure cookie setting for session management

server/api/auth/direct-login.post.ts

@@ -321,7 +321,7 @@ export default defineEventHandler(async (event) => {
       // Use Nuxt's setCookie helper directly with the encrypted value
       setCookie(event, 'monacousa-session', encrypted, {
         httpOnly: true,
-        secure: process.env.NODE_ENV === 'production',
+        secure: true,
         sameSite: 'lax',
         maxAge,
         path: '/',