diff --git a/app/Config/session.php b/app/Config/session.php
index 4bbb78901..a00d75807 100644
--- a/app/Config/session.php
+++ b/app/Config/session.php
@@ -72,7 +72,7 @@ return [
     // to the server if the browser has a HTTPS connection. This will keep
     // the cookie from being sent to you if it can not be done securely.
     'secure' => env('SESSION_SECURE_COOKIE', null)
-        ?? Str::startsWith(env('APP_URL'), 'https:'),
+        ?? Str::startsWith(env('APP_URL', ''), 'https:'),
 
     // HTTP Access Only
     // Setting this value to true will prevent JavaScript from accessing the