diff --git a/server/app.js b/server/app.js
index d502887..3624f14 100644
--- a/server/app.js
+++ b/server/app.js
@@ -60,7 +60,10 @@ app.use(session({
 secret: process.env.COOKIE_SECRET,
 cookie: {
 httpOnly: true,
- secure: false,
+ secure: process.env.NODE_ENV === 'production', // Use secure cookies in production
+ domain: 'example.com', // Set your domain
+ path: '/', // Set path to root
+ expires: new Date(Date.now() + 60 * 60 * 1000), // Set expiration to 1 hour
 },
 name: 'session-cookie',
 }));
@@ -127,6 +130,12 @@ const fs = require('fs');
 app.get('/:page', (req, res) => {
 const page = req.params.page;
+ const allowedPages = ['home', 'about', 'contact']; // Allow list for pages
+
+ if (!allowedPages.includes(page)) {
+ return res.status(403).send('Forbidden');
+ }
+
 const filePath = path.join(__dirname, 'views', `${page}.html`);
 fs.access(filePath, fs.constants.F_OK, (err) => {
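Review bot: The added `expires: new Date(Date.now() + 60 * 60 * 1000)` in the first hunk is evaluated once, when `app.use(session(...))` runs at startup, so every session cookie the server ever issues carries the same absolute expiry and, an hour after process start, is already expired on arrival; use the relative form `maxAge: 60 * 60 * 1000, // 1 hour, computed per response` instead. The hard-coded `domain: 'example.com'` is a placeholder that browsers will reject on any other host (including local development), so it should come from configuration, e.g. `domain: process.env.COOKIE_DOMAIN,`, which leaves the host-only default when unset. The cookie block also sets no `sameSite` value; `sameSite: 'lax'` is the usual CSRF mitigation to pair with `httpOnly` and `secure`. Note that `secure: true` behind a TLS-terminating proxy only works once `trust proxy` is enabled on the app, which this diff does not show.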