diff --git a/lib/cookie.js b/lib/cookie.js
index 8a58845..3234305 100644
--- a/lib/cookie.js
+++ b/lib/cookie.js
@@ -25,10 +25,11 @@ module.exports = class Cookie {
 }
 if (this.secure === 'auto') {
- if (request.protocol === 'https') {
+ if (request.protocol === 'https' || request.hostname === 'localhost') {
 this.secure = true
 } else {
 this.sameSite = 'lax'
+ this.partitioned = false
 this.secure = false
 }
 }
diff --git a/lib/fastifySession.js b/lib/fastifySession.js
index 56aa6f4..9641179 100644
--- a/lib/fastifySession.js
+++ b/lib/fastifySession.js
@@ -166,7 +166,7 @@ function fastifySession (fastify, options, next) {
 const cookieSessionId = getCookieSessionId(request)
 const saveSession = shouldSaveSession(request, cookieSessionId, saveUninitializedSession, rollingSessions)
- const isInsecureConnection = cookieOpts.secure === true && request.protocol !== 'https'
+ const isInsecureConnection = cookieOpts.secure === true && request.protocol !== 'https' && request.hostname !== 'localhost'
 const sessionIdWithPrefix = hasCookiePrefix ? `${cookiePrefix}${session.encryptedSessionId}` : session.encryptedSessionId
 if (!saveSession || isInsecureConnection) {
 // if a session cookie is set, but has a different ID, clear it
diff --git a/test/cookie.test.js b/test/cookie.test.js
index f999f94..f4c1707 100644
--- a/test/cookie.test.js
+++ b/test/cookie.test.js
@@ -318,6 +318,7 @@ test('should set session cookie secureAuto', async (t) => {
 t.after(() => { fastify.close() })
 const response = await fastify.inject({
+ authority: 'fastify-session.test',
 url: '/'
 })
@@ -345,6 +346,7 @@ test('should set session cookie secureAuto change SameSite', async (t) => {
 t.after(() => { fastify.close() })
 const response = await fastify.inject({
+ authority: 'fastify-session.test',
 url: '/'
 })
diff --git a/test/session.test.js b/test/session.test.js
index ac675ef..cb2ceb0 100644
--- a/test/session.test.js
+++ b/test/session.test.js
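Review bot: The added `request.hostname === 'localhost'` clause decides `secure` from a value Fastify derives from the request's Host header (or the forwarded host when `trustProxy` is enabled), so it is client-supplied rather than a property of the connection; the same check is repeated in the lib/fastifySession.js hunk. Depending on the Fastify version in use, `request.hostname` may still include the port (`localhost:3000`), in which case a local server on a non-default port would not match, and the loopback literals `127.0.0.1` and `[::1]`, which browsers treat as a secure context just like `localhost`, are not covered at all. The test hunks in test/cookie.test.js had to set `authority: 'fastify-session.test'` to keep exercising the non-localhost path, which shows how the default inject host is now affected. Consider stating the intent on the condition, e.g. `// localhost is a secure context for browsers, so a Secure cookie is still accepted over plain HTTP in local development`, and keeping the accepted-host rule in one place. The enclosing method starts outside the hunk.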
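Review bot: The `isInsecureConnection` condition now re-encodes the same protocol/hostname rule that lib/cookie.js applies for `secure: 'auto'`, and the two expressions can drift independently; a single shared predicate, e.g. `const isSecureContext = (request) => request.protocol === 'https' || request.hostname === 'localhost'`, used by both files would give the rule one name and one place to change. With the new clause, a plain-HTTP request whose host is `localhost` no longer takes the clear-and-skip branch, so the session is persisted and a `Secure` cookie is issued; a short comment saying this mirrors the browser's secure-context treatment of localhost would help, since the rest of the line reads as a pure transport check. The enclosing function begins and ends outside the hunk.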
@@ -1231,6 +1231,7 @@ test('Override global options with regenerate', async t => {
 fastify.register(fastifyCookie)
 fastify.register(fastifySession, {
 ...DEFAULT_OPTIONS,
+ saveUninitialized: true,
 cookie: {
 secure: false,
 maxAge: 42,
diff --git a/test/util.js b/test/util.js
index b46701d..18c70ce 100644
--- a/test/util.js
+++ b/test/util.js
@@ -6,7 +6,7 @@ const fastifySession = require('../lib/fastifySession')
 const TestStore = require('./TestStore')
 const DEFAULT_SECRET = 'cNaoPYAwF60HZJzkcNaoPYAwF60HZJzk'
-const DEFAULT_OPTIONS = { secret: DEFAULT_SECRET }
+const DEFAULT_OPTIONS = { secret: DEFAULT_SECRET, saveUninitialized: false }
 const DEFAULT_SESSION_ID = 'Qk_XT2K7-clT-x1tVvoY6tIQ83iP72KN'
 const DEFAULT_ENCRYPTED_SESSION_ID = `${DEFAULT_SESSION_ID}.B7fUDYXU9fXF9pNuL3qm4NVmSduLJ6kzCOPh5JhHGoE`
 const DEFAULT_COOKIE_VALUE = `sessionId=${DEFAULT_ENCRYPTED_SESSION_ID};`