Fix cookie secure flag for HTTP

src/app/api/auth/login/route.ts

@@ -34,9 +34,10 @@ export async function POST(request: NextRequest) {
         const response = NextResponse.json({ success: true });
         response.cookies.set("auth-token", token, {
             httpOnly: true,
-            secure: process.env.NODE_ENV === "production",
+            secure: false, // Allow HTTP for local/internal deployments
             sameSite: "lax",
             maxAge: 60 * 60 * 24 * 7, // 7 days
+            path: "/",
         });
         console.log("[LOGIN] Cookie set, returning success");