diff --git a/revel/skeleton/conf/app.conf.template b/revel/skeleton/conf/app.conf.template
index b3d7e9d..ea47e6a 100644
--- a/revel/skeleton/conf/app.conf.template
+++ b/revel/skeleton/conf/app.conf.template
@@ -51,8 +51,10 @@ cookie.prefix = REVEL
 # server. This makes the cookie less likely to be exposed to cookie theft via
 # eavesdropping.
 #
-# In dev mode, this will default to false, otherwise it will
-# default to true.
+# Defaults to false. If 'http.ssl' is enabled, this will be defaulted to true.
+# This should only be true when Revel is handling SSL connections. If you are
+# using a proxy in front of revel (Nginx, Apache, etc), then this should be left
+# as false.
 # cookie.secure = false
 
 # Limit cookie access to a given domain