diff --git a/src/main/java/com/example/be/service/UserServiceImpl.java b/src/main/java/com/example/be/service/UserServiceImpl.java
index 159c223..a0f0076 100644
--- a/src/main/java/com/example/be/service/UserServiceImpl.java
+++ b/src/main/java/com/example/be/service/UserServiceImpl.java
@@ -59,7 +59,7 @@ public CommonDTO.IsSuccessDTO signUp(UserDTO.SingUpRequestDto request) {
 }
- public CommonDTO.IsSuccessDTO login(UserDTO.LoginRequestDto request, HttpServletResponse response) {
+ public CommonDTO.IsSuccessDTO login(UserDTO.LoginRequestDto request, HttpServletResponse response, HttpServletRequest httpRequest) {
 //db에 아이디랑 비밀번호가 일치하는지 조회
 // 일치한다면 토큰 발급 후 response
@@ -84,6 +84,9 @@ public CommonDTO.IsSuccessDTO login(UserDTO.LoginRequestDto request, HttpServlet
 // AccessToken 발급
 String accessToken = jwtUtil.generateAccessToken(user.getUserId(), ACCESS_TOKEN_EXPIRATION_TIME);
+ String origin = httpRequest.getHeader("Origin");
+ boolean isSecure = origin == null || !origin.contains("localhost");
+
 // 쿠키에 액세스 토큰 추가
 Cookie accessTokenCookie = new Cookie("accessToken", accessToken);
@@ -91,6 +94,7 @@ public CommonDTO.IsSuccessDTO login(UserDTO.LoginRequestDto request, HttpServlet
 accessTokenCookie.setSecure(true); // HTTPS에서만 전송되도록 설정, https 적용 후 true로 설정 예정
 accessTokenCookie.setPath("/"); // 모든 경로에서 쿠키 접근 가능
 accessTokenCookie.setMaxAge((int) (ACCESS_TOKEN_EXPIRATION_TIME / 1000)); // 밀리초를 초로 변환
+ accessTokenCookie.setSecure(isSecure); // localhost면 false, 배포면 true
 response.addCookie(accessTokenCookie);
 // 쿠키에 리프레시 토큰 추가
@@ -99,6 +103,7 @@ public CommonDTO.IsSuccessDTO login(UserDTO.LoginRequestDto request, HttpServlet
 refreshTokenCookie.setSecure(true);
 refreshTokenCookie.setPath("/");
 refreshTokenCookie.setMaxAge((int) (REFRESH_TOKEN_EXPIRATION_TIME / 1000));
+ refreshTokenCookie.setSecure(isSecure);
 response.addCookie(refreshTokenCookie);
 return CommonDTO.IsSuccessDTO.builder()
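Review bot: In the second hunk `isSecure` is computed from the client-supplied `Origin` header, so the Secure attribute of both token cookies is decided by whatever the caller sends rather than by the deployment: a header missing entirely yields true, but any value whose string contains `localhost` (a substring match, not a host comparison) yields false even on a production host. The environment the server runs in is a server-side fact and should come from configuration, not from the request; for example inject `@Value("${app.cookie.secure:true}") private boolean cookieSecure;` (property name is an example) and write `boolean isSecure = cookieSecure;`, which also removes the need for the new `HttpServletRequest httpRequest` parameter added in the first hunk. The same derived value is then consumed in the third and fourth hunks, so no further change is needed there. The `login` method begins and ends outside the visible hunks.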
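Review bot: In the third hunk `accessTokenCookie.setSecure(isSecure);` is appended after the existing `accessTokenCookie.setSecure(true);` instead of replacing it, which leaves the earlier call as a dead assignment and leaves its comment ("https 적용 후 true로 설정 예정") describing a plan that the new line already supersedes; the fourth hunk repeats the same pattern with `refreshTokenCookie.setSecure(true);` followed by `refreshTokenCookie.setSecure(isSecure);`. Keep one call per cookie, in the place of the original line: `accessTokenCookie.setSecure(isSecure); // sent over HTTPS only; false only for local development` and likewise `refreshTokenCookie.setSecure(isSecure);`. Having a visible `setSecure(true)` that is silently overridden a few lines later is the kind of thing a later reader will take at face value.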
diff --git a/src/main/java/com/example/be/web/controller/UserController.java b/src/main/java/com/example/be/web/controller/UserController.java
index 8f9eba0..dc8aa24 100644
--- a/src/main/java/com/example/be/web/controller/UserController.java
+++ b/src/main/java/com/example/be/web/controller/UserController.java
@@ -30,8 +30,8 @@ public ApiResponse signup(@RequestBody UserDTO.SingUpReq
 @PostMapping("/login")
 @Operation(summary = "로그인 API")
- public ApiResponse login(@RequestBody UserDTO.LoginRequestDto request, HttpServletResponse response) {
- return ApiResponse.onSuccess(userService.login(request, response));
+ public ApiResponse login(@RequestBody UserDTO.LoginRequestDto dtoRequest, HttpServletResponse response, HttpServletRequest request) {
+ return ApiResponse.onSuccess(userService.login(dtoRequest, response, request));
 }
 @PostMapping("/info")
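Review bot: The rename in this hunk makes `request` the servlet `HttpServletRequest` and demotes the body DTO to `dtoRequest`, which inverts the naming the service layer uses (`UserServiceImpl.login` and `signUp` both call the DTO `request` and the new servlet parameter `httpRequest`), so the same word now means two different things across the call. Prefer keeping the DTO as `request` and matching the service's name for the servlet object: `public ApiResponse login(@RequestBody UserDTO.LoginRequestDto request, HttpServletResponse response, HttpServletRequest httpRequest) {` and `return ApiResponse.onSuccess(userService.login(request, response, httpRequest));`. Note that the servlet request is threaded through only so the service can read one header to choose the cookie Secure flag; if that decision moves to server configuration the extra parameter can be dropped from both layers.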