diff --git a/Infrastructure/PlayerIdentityExtensions.cs b/Infrastructure/PlayerIdentityExtensions.cs
index f0444a7..9f8ca62 100644
--- a/Infrastructure/PlayerIdentityExtensions.cs
+++ b/Infrastructure/PlayerIdentityExtensions.cs
@@ -10,13 +10,17 @@ public static class PlayerIdentityExtensions
 {
 app.Use(async (ctx, next) =>
 {
+ var pathBase = ctx.Request.PathBase.HasValue ? ctx.Request.PathBase.Value : "/";
+ var isHttps = string.Equals(ctx.Request.Scheme, "https", StringComparison.OrdinalIgnoreCase);
+
 var cookieOptions = new CookieOptions
 {
 HttpOnly = true,
 SameSite = SameSiteMode.Strict,
- Secure = !app.ApplicationServices.GetRequiredService().IsDevelopment(),
+ Secure = isHttps,
 IsEssential = true,
- Expires = DateTimeOffset.UtcNow.AddYears(1)
+ Expires = DateTimeOffset.UtcNow.AddYears(1),
+ Path = pathBase
 };
 Guid playerId;
diff --git a/Program.cs b/Program.cs
index 70779fd..846e9e9 100644
--- a/Program.cs
+++ b/Program.cs
@@ -1,6 +1,7 @@
 using GameList.Data;
 using GameList.Endpoints;
 using GameList.Infrastructure;
+using Microsoft.AspNetCore.HttpOverrides;
 using Microsoft.Data.Sqlite;
 using Microsoft.EntityFrameworkCore;
 using System.Text.Json.Serialization;
@@ -38,6 +39,11 @@ builder.Services.ConfigureHttpJsonOptions(options =>
 var app = builder.Build();
+app.UseForwardedHeaders(new ForwardedHeadersOptions
+{
+ ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto | ForwardedHeaders.XForwardedHost
+});
+
 var basePath = builder.Configuration["BasePath"];
 if (!string.IsNullOrWhiteSpace(basePath))
 {
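Review bot: `Secure = isHttps` lets the player cookie be issued without the `Secure` flag whenever the app sees the request as `http`, including in production if a request arrives over plain HTTP or the proxy's `X-Forwarded-Proto` is not applied; the removed line forced `Secure` everywhere outside Development. With the one-year `Expires`, an identifier issued that way would then be sent in clear on any later HTTP request to the host. I would keep the environment floor, e.g. `Secure = isHttps || !isDevelopment,` with `isDevelopment` resolved once outside the lambda. A comment would also help: `// Scheme reflects X-Forwarded-Proto only when forwarded headers are processed earlier in the pipeline`. The lambda body continues outside the hunk.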
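Review bot: The `ForwardedHeadersOptions` in the last Program.cs hunk enables `XForwardedProto` and `XForwardedHost` without stating which proxies are trusted or which host names are accepted. With the framework defaults only loopback proxies are honoured, so behind a proxy on another address the headers are presumably ignored and `ctx.Request.Scheme` stays `http`, which after this commit also switches off the cookie's `Secure` flag. If the trust lists are later widened to work around that, any client that can reach the app directly could supply these headers itself. I would set `KnownProxies`/`KnownNetworks` to the real proxy addresses, restrict `AllowedHosts` in the same initializer (e.g. `AllowedHosts = { "<expected-host>" }`), and drop `XForwardedHost` if nothing reads it. The `if` block after `basePath` continues outside the hunk.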