diff --git a/README.md b/README.md index c4f8924..b934ed8 100644 --- a/README.md +++ b/README.md @@ -4,15 +4,3 @@ DanBarberPhoto [ ![Codeship Status for danbee/danbarberphoto](https://www.codeship.io/projects/bdd9fe40-63ad-0132-3763-76d0773b13a7/status)](https://www.codeship.io/projects/30798) This is the source code for DanBarberPhoto.com. - -The session cookie has been set to `secure: true` so the admin login will only -work over an HTTPS connection. Use the tunnels gem to proxy the development -server to HTTPS: - -```bash -# If you're using pow -$ sudo tunnels - -# If using rails server -$ sudo tunnels 443 3000 -``` diff --git a/app/controllers/admin/admin_controller.rb b/app/controllers/admin/admin_controller.rb index 47f884e..c6e4654 100644 --- a/app/controllers/admin/admin_controller.rb +++ b/app/controllers/admin/admin_controller.rb @@ -4,7 +4,7 @@ module Admin before_filter :authenticate_admin_user! before_filter :admin_menu - force_ssl host: APP_CONFIG[:ssl_hostname] + force_ssl host: APP_CONFIG[:ssl_hostname] if Rails.env.production? def admin_menu @admin_menu = { dashboard: '', diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb index ac1916a..735a328 100644 --- a/config/initializers/session_store.rb +++ b/config/initializers/session_store.rb @@ -1,6 +1,6 @@ # Be sure to restart your server when you modify this file. -DanBarberPhoto::Application.config.session_store :cookie_store, key: '_danbarberphoto_session', secure: true +DanBarberPhoto::Application.config.session_store :cookie_store, key: '_danbarberphoto_session', secure: Rails.env.production? # Use the database for sessions instead of the cookie-based default, # which shouldn't be used to store highly confidential information
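Review bot: The new `if Rails.env.production?` guard on `force_ssl` fails open: any deployed environment whose name is not exactly `production` (a staging or demo instance, for example) will serve the admin login over plain HTTP with no redirect. The `secure: Rails.env.production?` change in config/initializers/session_store.rb has the same shape, so in those environments the session cookie also loses its Secure flag. Inverting both checks keeps local development unblocked while defaulting to HTTPS everywhere else: `force_ssl host: APP_CONFIG[:ssl_hostname] unless Rails.env.development? || Rails.env.test?` and `secure: !(Rails.env.development? || Rails.env.test?)`. The enclosing class starts and ends outside this hunk, so whether anything else in the controller assumes SSL is not visible here.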
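Review bot: Nothing near the `session_store` line now explains why the Secure flag is conditional, because this commit also removes the README paragraph that described the secure cookie. The flag has to track the `force_ssl` condition in app/controllers/admin/admin_controller.rb. If the two drift apart, either the admin login stops working (Secure cookie without HTTPS) or the session cookie is sent over HTTP. I would add a comment above the line, such as `# Secure flag is production-only; keep in sync with force_ssl in app/controllers/admin/admin_controller.rb.`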