fixed

UNRAID.md

@@ -17,6 +17,8 @@ If a change would alter how the container is built, started, configured, mapped,
   Recommended: `/data/inven.sqlite`
 - `AUTH_SECRET`
   Use a long random string. This signs login sessions.
+- `AUTH_SECURE_COOKIES`
+  Set to `false` for normal `http://` access on your LAN. Set to `true` only when the app is served over HTTPS.
 - `ADMIN_EMAIL`
   Initial bootstrap admin email.
 - `ADMIN_PASSWORD`
@@ -27,6 +29,7 @@ Important:
 - The bootstrap admin is created only when the database has no users yet.
 - Changing `ADMIN_EMAIL` or `ADMIN_PASSWORD` after first boot does not replace an existing user automatically.
 - Keep `AUTH_SECRET` stable after deployment. Rotating it will invalidate active sessions.
+- If you access the app over plain HTTP and `AUTH_SECURE_COOKIES=true`, login will appear to work but the browser will not stay signed in.
 
 ## CLI Build And Run
 
@@ -62,6 +65,7 @@ docker run -d \
   -v /mnt/user/appdata/inven/data:/data \
   -e DATABASE_PATH=/data/inven.sqlite \
   -e AUTH_SECRET='replace-with-a-long-random-secret' \
+  -e AUTH_SECURE_COOKIES='false' \
   -e ADMIN_EMAIL='admin@example.com' \
   -e ADMIN_PASSWORD='replace-with-a-strong-password' \
   --restart unless-stopped \
@@ -126,6 +130,8 @@ Add these variables:
   Value: `/data/inven.sqlite`
 - `AUTH_SECRET`
   Value: a long random secret
+- `AUTH_SECURE_COOKIES`
+  Value: `false` for standard LAN HTTP access
 - `ADMIN_EMAIL`
   Value: your initial admin email
 - `ADMIN_PASSWORD`
@@ -159,6 +165,7 @@ When app changes do require install changes:
 - Confirm `ADMIN_EMAIL` and `ADMIN_PASSWORD` were present on first boot
 - If the database already existed before auth was configured, the bootstrap user may not have been created
 - Confirm `AUTH_SECRET` is set and stable
+- Confirm `AUTH_SECURE_COOKIES=false` if you are not serving the app over HTTPS
 
 ### Sessions keep getting invalidated