diff --git a/build.gradle b/build.gradle
index 995dbab..2aaa9e4 100644
--- a/build.gradle
+++ b/build.gradle
@@ -23,7 +23,7 @@ dependencies {
 implementation 'org.springframework.boot:spring-boot-starter-web'
 implementation 'org.springframework.boot:spring-boot-starter-security'
 developmentOnly 'org.springframework.boot:spring-boot-devtools'
- //runtimeOnly 'com.h2database:h2'
+ developmentOnly 'com.h2database:h2'
 runtimeOnly 'org.postgresql:postgresql'
 testImplementation 'org.springframework.boot:spring-boot-starter-test'
 //testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
diff --git a/src/main/java/de/cwansart/unipoll/controller/VoteController.java b/src/main/java/de/cwansart/unipoll/controller/VoteController.java
index 06a053a..30baf7e 100644
--- a/src/main/java/de/cwansart/unipoll/controller/VoteController.java
+++ b/src/main/java/de/cwansart/unipoll/controller/VoteController.java
@@ -95,7 +95,10 @@ public String save(@RequestParam(name = "id", required = true) long id,
 vote.setUserId(userId);
 voteRepo.save(vote);
- response.addCookie(new Cookie("unipoll-user-id", userId));
+ Cookie cookie = new Cookie("unipoll-user-id", userId);
+ cookie.setHttpOnly(true);
+ cookie.setSecure(true);
+ response.addCookie(cookie);
 return "redirect:/vote?id=" + id;
 }
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 0acdeb4..25024f7 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -1,4 +1,5 @@
 spring.application.name=unipoll
+server.servlet.session.cookie.secure=true
 # default http port
 #server.port=80
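Review bot: In build.gradle, putting `com.h2database:h2` on the `developmentOnly` classpath next to `spring-boot-devtools` means Spring Boot's devtools defaults will turn on the H2 web console (`spring.h2.console.enabled=true`) for local runs. The security configuration is not part of this diff, so confirm that no rule opening `/h2-console` (or relaxing CSRF/frame options for it) also applies to production. If the console is not needed, `spring.h2.console.enabled=false` in application.properties switches it off. A short comment on the new line, such as `// H2 for local runs only; production uses PostgreSQL`, would record why the scope is `developmentOnly`.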
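Review bot: The rebuilt `unipoll-user-id` cookie in `save()` (VoteController.java) now carries HttpOnly and Secure but still no SameSite attribute, so whether it travels on cross-site requests is left to each browser's default; the same gap applies to the session cookie configured in the application.properties hunk. If the project is on Servlet 6 (jakarta), `cookie.setAttribute("SameSite", "Lax");` before `response.addCookie(cookie);` makes this explicit, and `server.servlet.session.cookie.same-site=lax` does the same for the session cookie on Spring Boot versions that support that property. `setSecure(true)` is unconditional, so a deployment reached over plain HTTP (the properties file mentions port 80) would never get the cookie back; confirm TLS is always in front of the app. `save()` begins above the hunk, so how `userId` is generated is not visible here.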