diff --git a/hawk/app/lib/hawk/secure_cookies.rb b/hawk/app/lib/hawk/secure_cookies.rb
index 41686eee1..6088ed6d9 100644
--- a/hawk/app/lib/hawk/secure_cookies.rb
+++ b/hawk/app/lib/hawk/secure_cookies.rb
@@ -13,11 +13,19 @@ def call(env)
 if headers['Set-Cookie'].present?
 cookies = headers['Set-Cookie'].split(COOKIE_SEPARATOR)
+ # cookies might be 2-D array in the rack-3 / sprockets-4.2
 cookies.each do |cookie|
 next if cookie.blank?
- next if cookie =~ /;\s*secure/i
- cookie << '; Secure ; HttpOnly'
+ # no matter what, always add Secure + HttpOnly
+ if not cookie.kind_of?(Array)
+ cookie << '; Secure ; HttpOnly'
+ else
+ cookie.each do |cookie_atom|
+ next if cookie_atom.blank?
+ cookie_atom << '; Secure ; HttpOnly'
+ end
+ end
 end
 headers['Set-Cookie'] = cookies.join(COOKIE_SEPARATOR)
diff --git a/hawk/config/initializers/secret.rb b/hawk/config/initializers/secret.rb
index b1c2c252b..9bbb0a917 100644
--- a/hawk/config/initializers/secret.rb
+++ b/hawk/config/initializers/secret.rb
@@ -8,7 +8,7 @@
 # If you change this key, all old signed cookies will become invalid!
 # Make sure the secret is at least 30 characters and all random,
 # no regular words or you"ll be exposed to dictionary attacks.
- Rails.application.secrets.secret_key_base = secret_file.open(
+ key_base = secret_file.open(
 File::RDWR | File::CREAT, 0600
 ) do |f|
@@ -29,4 +29,10 @@
 secret
 end
+ if Gem.loaded_specs['rails'].version >= Gem::Version.new("7.2")
+ Rails.application.credentials.secret_key_base = key_base
+ else
+ # deprecated
+ Rails.application.secrets.secret_key_base = key_base
+ end
 end
diff --git a/hawk/config/routes.rb b/hawk/config/routes.rb
index 86838d543..0cbce7d9e 100644
--- a/hawk/config/routes.rb
+++ b/hawk/config/routes.rb
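Review bot: The unconditional `cookie << '; Secure ; HttpOnly'` in both the String and the Array branch appends the attributes even when the cookie already carries them, so the removed `/;\s*secure/i` guard is replaced by nothing and a cookie that Rails already emitted with `secure: true` would now end as `...; secure; Secure ; HttpOnly`. Duplicated attributes are tolerated by browsers, but the old guard also skipped `HttpOnly` entirely for any cookie that was already `Secure`; adding each attribute only when it is missing removes the duplicates and closes that gap at the same time. I would also collapse the two branches with `Array(cookie).flatten` so the hardening is written once, and make the `2-D array` comment say where the nesting comes from — if the value is a Rack 3 array-valued header that ActiveSupport's `Array#split` turned into nested arrays, say so, since I cannot see `COOKIE_SEPARATOR` or the Rack version from here. Relatedly, the `cookies.join(COOKIE_SEPARATOR)` on the last context line turns such an Array back into one joined string; confirm the Rack 3 server in use accepts that, as Rack 3 expects multi-valued headers as Arrays rather than newline-joined strings. `call` begins before the hunk.
```ruby
      # … unchanged: Set-Cookie presence check and split …
      cookies.each do |cookie|
        next if cookie.blank?
        # Rack 3 may hand us an Array here (the "2-D array" case); flatten so the
        # hardening logic below is written once for both shapes.
        Array(cookie).flatten.each do |cookie_atom|
          next if cookie_atom.blank?
          # add each attribute only when missing, so an existing Secure/HttpOnly is not duplicated
          cookie_atom << '; Secure' unless cookie_atom.match?(/;\s*secure\b/i)
          cookie_atom << '; HttpOnly' unless cookie_atom.match?(/;\s*httponly\b/i)
        end
      end
      # … unchanged: headers['Set-Cookie'] = cookies.join(COOKIE_SEPARATOR) …
```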
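Review bot: The added `Rails.application.credentials.secret_key_base = key_base` works only because `EncryptedConfiguration` forwards unknown setters to its in-memory options object, which is an implementation detail rather than a documented way to supply the key, and as far as I recall Rails 7.1+ ignores the credentials value in development/test, where it prefers `config.secret_key_base` or a generated local secret. `Rails.application.config.secret_key_base = key_base` is the documented override and has existed since Rails 5.2, so it could replace the whole six-line `if`/`else` — worth confirming against the Gemfile's minimum Rails, which I cannot see, and then checking that the file-backed key is really what signs cookies in every environment Hawk runs in. Smaller points: `Rails.gem_version >= Gem::Version.new("7.2")` is the idiomatic version test, and `# deprecated` should say what is deprecated, e.g. `# Rails < 7.2: Rails.application.secrets (deprecated in 7.1, removed in 7.2)`. The block this `if` sits in begins outside the hunk.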
@@ -139,7 +139,7 @@
 get '/sim/intervals/:id', as: :sim_intervals, to: 'simulator#intervals', defaults: { format: 'json' }, constraints: {id: regex_safe_id }
 get '/sim/help', as: :sim_help, to: 'simulator#help'
- resource :dashboard, only: [:show, :add, :remove] do
+ resource :dashboard, only: [:show] do
 member do
 get :add
 post :add