diff --git a/docs/pages/installation.md b/docs/pages/installation.md
index 7fad538b..c9bf6655 100644
--- a/docs/pages/installation.md
+++ b/docs/pages/installation.md
@@ -182,3 +182,14 @@ If you have an Entra ID app registration with the necessary permissions on the s
 | `ImageStorage__TenantId` | The tenant id where the app registration resides. |
 | `ImageStorage__ClientId` | The client id of the *app registration*. |
 | `ImageStorage__ClientSecret` | The value of the client secret. |
+
+## Troubleshooting
+
+Below are troubleshooting steps for some issues you might encounter during installation.
+
+### Connecting over HTTP
+
+If you are connecting to a remote (non-`localhost`) turnierplan.NET server via HTTP, you should see a *401 Unauthorized* error after logging in with your valid credentials. This is because turnierplan.NET uses secure cookies by default. You can set the `Identity__UseInsecureCookies` environment variable to `true` to change this behavior.
+
+!!! danger
+ Using HTTP is obviously not the way to go if you are connecting over the internet. For local setups this might be fine, though it is still discouraged. Most importantly, it is **not officially supported** because some parts of the client application rely on HTTPS-only browser APIs to work properly (such as clipboard or crypto).
diff --git a/src/Turnierplan.App/Endpoints/Identity/IdentityEndpointBase.cs b/src/Turnierplan.App/Endpoints/Identity/IdentityEndpointBase.cs
index e387bf25..8ce54528 100644
--- a/src/Turnierplan.App/Endpoints/Identity/IdentityEndpointBase.cs
+++ b/src/Turnierplan.App/Endpoints/Identity/IdentityEndpointBase.cs
@@ -78,11 +78,15 @@ protected void AddResponseCookieForToken(HttpContext context, string token, bool
 void AddCookie(string path)
 {
+ // If the config value 'UseInsecureCookies' is set to true, the cookies will be sent without the 'secure' flag.
+ // Thus, the browser will also send the cookies along with HTTP requests instead of HTTPS only.
+ var isSecure = _options.CurrentValue.UseInsecureCookies != true;
+
 var cookieOptions = new CookieOptions
 {
 HttpOnly = true,
 SameSite = SameSiteMode.Strict,
- Secure = true,
+ Secure = isSecure,
 Path = path,
 Expires = cookieExpires
 };
diff --git a/src/Turnierplan.App/Options/IdentityOptions.cs b/src/Turnierplan.App/Options/IdentityOptions.cs
index e9010125..4520cf0a 100644
--- a/src/Turnierplan.App/Options/IdentityOptions.cs
+++ b/src/Turnierplan.App/Options/IdentityOptions.cs
@@ -9,5 +9,7 @@ internal sealed class IdentityOptions : AuthenticationSchemeOptions
 public TimeSpan AccessTokenLifetime { get; init; } = TimeSpan.Zero;
 public TimeSpan RefreshTokenLifetime { get; init; } = TimeSpan.Zero;
+
+ public bool? UseInsecureCookies { get; init; }
 }
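Review bot: When `UseInsecureCookies` is true, the new `isSecure` line silently strips the Secure flag from every issued auth cookie and nothing in the hunk makes that state visible to an operator, so an instance left in this mode in production would hand out session cookies over plain HTTP without a trace in the logs. Consider emitting a warning once (at startup, or the first time `AddCookie` runs with `isSecure == false`) rather than on every cookie, e.g. `if (!isSecure) _logger.LogWarning("Identity cookies are issued without the Secure flag (Identity__UseInsecureCookies=true)");` — I cannot see from this hunk whether a logger is available on this type, so that may need wiring. The `!= true` comparison fails safe for both `null` and `false`, which is worth stating in the added comment: `// null/false -> Secure cookies (the default); only an explicit true drops the flag.` The enclosing `AddResponseCookieForToken` starts before this hunk and the `AddCookie` local function continues past it.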
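Review bot: The added `UseInsecureCookies` property is undocumented and its nullable `bool?` type is not explained, so a reader has to find the consumer to learn that `null` and `false` are treated the same. Add an XML doc such as `/// <summary>When <c>true</c>, identity cookies are issued without the Secure flag so browsers also send them over plain HTTP. Unset or <c>false</c> keeps the secure default; intended only for local non-TLS setups.</summary>`. Unless the distinction between unset and `false` is relied on elsewhere, a plain `public bool UseInsecureCookies { get; init; }` (defaulting to `false`, in line with the sibling `TimeSpan.Zero` defaults) would express the contract more directly and still compile against the `!= true` check in `IdentityEndpointBase`. The class declaration starts before this hunk; its closing brace is the hunk's last line.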