diff --git a/awx/settings/defaults.py b/awx/settings/defaults.py
index 8e67e9a025..6a47ba628f 100644
--- a/awx/settings/defaults.py
+++ b/awx/settings/defaults.py
@@ -163,6 +163,12 @@ MAX_EVENT_RES_DATA = 700000
 # Note: This setting may be overridden by database settings.
 EVENT_STDOUT_MAX_BYTES_DISPLAY = 1024
 
+# Disallow sending session cookies over insecure connections
+SESSION_COOKIE_SECURE = True
+
+# Disallow sending csrf cookies over insecure connections
+CSRF_COOKIE_SECURE = True
+
 TEMPLATE_CONTEXT_PROCESSORS = (  # NOQA
     'django.contrib.auth.context_processors.auth',
     'django.core.context_processors.debug',
diff --git a/awx/settings/development.py b/awx/settings/development.py
index ebe81260d1..1326c12814 100644
--- a/awx/settings/development.py
+++ b/awx/settings/development.py
@@ -24,11 +24,11 @@ ALLOWED_HOSTS = ['*']
 mimetypes.add_type("image/svg+xml", ".svg", True)
 mimetypes.add_type("image/svg+xml", ".svgz", True)
 
-MONGO_HOST = '127.0.0.1'
-MONGO_PORT = 27017
-MONGO_USERNAME = None
-MONGO_PASSWORD = None
-MONGO_DB = 'system_tracking_dev'
+# Disallow sending session cookies over insecure connections
+SESSION_COOKIE_SECURE = False
+
+# Disallow sending csrf cookies over insecure connections
+CSRF_COOKIE_SECURE = False
 
 # Override django.template.loaders.cached.Loader in defaults.py
 TEMPLATE_LOADERS = (