diff --git a/server/utils/oidc-provider.ts b/server/utils/oidc-provider.ts
index d230fe1..2c9fafe 100644
--- a/server/utils/oidc-provider.ts
+++ b/server/utils/oidc-provider.ts
@@ -11,6 +11,10 @@ import { MongoAdapter } from "./oidc-mongodb-adapter.js";
 import Member from "../models/member.js";
 import { connectDB } from "./mongoose.js";
 
+if (process.env.NODE_ENV === 'production' && !process.env.OIDC_COOKIE_SECRET) {
+  throw new Error('OIDC_COOKIE_SECRET must be set in production')
+}
+
 /**
  * Renders a standalone HTML page in the guild dark style.
  * Used for OIDC logout/error screens that are served outside Nuxt.