diff --git a/index.js b/index.js
index d41b2378..b6a290ad 100644
--- a/index.js
+++ b/index.js
@@ -232,7 +232,7 @@ function session(options) {
 }

 // only send secure cookies via https
- if (req.session.cookie.secure && !issecure(req, trustProxy)) {
+ if (req.session.cookie.secure && !issecure(req, trustProxy) && !isRunningLocally()) {
 debug('not secured');
 return;
 }
@@ -654,6 +654,23 @@ function issecure(req, trustProxy) {
 return proto === 'https';
 }

+/**
+ * Determine if application is running locally.
+ *
+ * @return {Boolean}
+ * @private
+ */
+
+function isRunningLocally() {
+ if (os.hostname() === 'localhost') {
+ return true;
+ }
+ var interfaces = os.networkInterfaces();
+ return Object.values(interfaces).flat().some(iface =>
+ iface.address === '127.0.0.1' || iface.address === '::1'
+ );
+}
+
 /**
 * Set cookie on response.
 *
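Review bot: The added `&& !isRunningLocally()` in the secure-cookie guard of `session()` switches the guard off based on a property of the server host rather than of the request. The helper added in the second hunk returns true whenever any interface carries `127.0.0.1` or `::1`, and the loopback interface supplies one on practically every machine. As written, a session configured with `cookie.secure` would therefore have its Set-Cookie header, and with it the session ID, emitted on plain-HTTP responses in production as well as in development. I would keep the original condition, `if (req.session.cookie.secure && !issecure(req, trustProxy)) {`, and let local development set `cookie.secure: false` in its own configuration. The enclosing function starts and ends outside the hunk.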
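Review bot: `isRunningLocally()` references `os`, but no hunk in this diff adds a binding for it. Unless index.js already has `var os = require('os')` outside the visible hunks, the call throws a ReferenceError the first time the guard reaches it. The body also mixes `Object.values`, `Array.prototype.flat` and an arrow function with a `var` declaration; if the package still supports older Node releases (not visible here), `.flat()` alone breaks them. It also re-enumerates the network interfaces on every call from the response path, although the answer cannot change between requests. If the helper is kept, its doc comment should say what "locally" means, for example `Returns true when the host name is 'localhost' or any interface has a loopback address`, so readers see that the result does not depend on the request.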