diff --git a/src/lib/auth.ts b/src/lib/auth.ts
index 0f25995..45fa61f 100644
--- a/src/lib/auth.ts
+++ b/src/lib/auth.ts
@@ -57,5 +57,19 @@ export const { handlers, auth, signIn, signOut } = NextAuth({
 session: {
 strategy: "jwt",
 },
+ cookies: {
+ sessionToken: {
+ name: process.env.NODE_ENV === "production"
+ ? `__Secure-next-auth.session-token`
+ : `next-auth.session-token`,
+ options: {
+ httpOnly: true,
+ sameSite: "lax",
+ path: "/",
+ secure: process.env.NODE_ENV === "production",
+ },
+ },
+ },
 secret: process.env.NEXTAUTH_SECRET,
+ trustHost: true,
 });
\ No newline at end of file
diff --git a/src/lib/middleware-auth.ts b/src/lib/middleware-auth.ts
index 5ca0ec9..a6b394c 100644
--- a/src/lib/middleware-auth.ts
+++ b/src/lib/middleware-auth.ts
@@ -8,6 +8,8 @@ export async function getAuthSession(request: NextRequest) {
 secret: process.env.NEXTAUTH_SECRET
 });
 
+ console.log(`[getAuthSession] Token exists: ${!!token}, Secret configured: ${!!process.env.NEXTAUTH_SECRET}`);
+
 if (!token) {
 return null;
 }
diff --git a/src/middleware.ts b/src/middleware.ts
index db8f76c..bf469a6 100644
--- a/src/middleware.ts
+++ b/src/middleware.ts
@@ -27,9 +27,12 @@ export default async function middleware(request: NextRequest) {
 publicRoutes.includes(pathname) ||
 publicApiRoutes.includes(pathname) ||
 pathname.startsWith("/api/auth/") ||
+ pathname.startsWith("/api/health") ||
 pathname.startsWith("/images/") ||
 pathname.startsWith("/_next/") ||
- pathname.startsWith("/fonts/")
+ pathname.startsWith("/fonts/") ||
+ pathname === "/favicon.svg" ||
+ pathname === "/favicon.ico"
 ) {
 return NextResponse.next();
 }
@@ -37,6 +40,8 @@ export default async function middleware(request: NextRequest) {
 // Vérifier l'authentification avec NextAuth v5
 const session = await getAuthSession(request);
 
+ console.log(`[Middleware] Path: ${pathname}, Has session: ${!!session}`);
+
 if (!session) {
 if (pathname.startsWith("/api/")) {
 return NextResponse.json(
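Review bot: `trustHost: true` (the last added line) tells Auth.js to trust the request's Host / forwarded-host headers when it builds callback and redirect URLs, so the setting is only sound when every request arrives through a proxy that overwrites those headers; nothing in this diff pins a canonical origin such as `AUTH_URL`/`NEXTAUTH_URL`, and the `NextAuth({` call starts outside the hunk. Either set that variable or record the assumption next to the flag: `trustHost: true, // Host header is rewritten by the reverse proxy; canonical origin comes from AUTH_URL`. The cookie block pins the v4-style name `next-auth.session-token`, presumably so the token lookup in `src/lib/middleware-auth.ts` can read it — a one-line comment stating that coupling (`// name must match what getAuthSession() reads in middleware-auth.ts`) would stop a later cleanup from silently breaking middleware auth. `process.env.NODE_ENV === "production"` now appears three times across the diff; one exported `isProduction` constant would keep the cookie policy in one place.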
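Review bot: The added `console.log` runs for every request that reaches `getAuthSession` and prints an auth decision plus whether `NEXTAUTH_SECRET` is set; that is debugging output in the middleware hot path, and the same pattern is added to `src/middleware.ts` as `[Middleware] Path: …, Has session: …`, which additionally records every authenticated path visited. Whether the secret is configured is a deployment invariant better checked once at module load — `if (!process.env.NEXTAUTH_SECRET) throw new Error("NEXTAUTH_SECRET is not set");` — so a misconfigured deployment fails fast instead of logging `Secret configured: false` per request. If the logs are needed while debugging, gate both behind `process.env.NODE_ENV !== "production"` or a dedicated debug flag and remove them afterwards. `getAuthSession`'s body begins before this hunk.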
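Review bot: `pathname.startsWith("/api/health")` has no path boundary, so any route whose name merely begins with `/api/health` is exempted from authentication along with the health endpoint; the `config.matcher` change in the last hunk of this file adds the same open-ended `api/health` prefix and widens `favicon.ico` to `favicon`. Match the route exactly here — `pathname === "/api/health" || pathname.startsWith("/api/health/") ||` — and in the matcher list `favicon.ico|favicon.svg` explicitly and give `api/health` the same boundary. Note also that once the matcher excludes `api/health`, the middleware never runs for those paths and this branch becomes unreachable for them, so a comment should say which of the two lists is authoritative. The `if` condition this hunk edits starts before the hunk.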
@@ -61,7 +66,7 @@ export default async function middleware(request: NextRequest) {
 response.cookies.set("NEXT_LOCALE", locale, {
 path: "/",
 maxAge: 365 * 24 * 60 * 60, // 1 an
- secure: true, // Ajout de secure pour HTTPS
+ secure: process.env.NODE_ENV === "production", // Secure uniquement en prod HTTPS
 sameSite: "lax", // Protection CSRF
 });
 }
@@ -80,6 +85,6 @@ export const config = {
 * 4. /images/* (inside public directory)
 * 5. Static files (manifest.json, favicon.ico, etc.)
 */
- "/((?!api/auth|_next/static|_next/image|fonts|images|manifest.json|favicon.ico|sitemap.xml|sw.js|offline.html).*)",
+ "/((?!api/auth|api/health|_next/static|_next/image|fonts|images|manifest.json|favicon|sitemap.xml|sw.js|offline.html).*)",
 ],
 };
\ No newline at end of file
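Review bot: Gating `secure` on `NODE_ENV` ties the cookie's Secure attribute to the build mode rather than to the transport, so a non-production build served over TLS (a staging deployment, for instance) now sends `NEXT_LOCALE` without `Secure`, while the previous `secure: true` was presumably what broke plain-http local development. The cookie carries only a locale, so the exposure is small, but the comment should state the actual rule: `secure: process.env.NODE_ENV === "production", // Secure only for the HTTPS production build; local dev runs over plain http`. This is the third copy of that `NODE_ENV` comparison in the diff (the other two are in `src/lib/auth.ts`); one exported `isProduction` constant would keep the cookie policy consistent. The enclosing `middleware` function starts and ends outside the hunk.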