diff --git a/index.js b/index.js
index d41b2378..3b4e4e3e 100644
--- a/index.js
+++ b/index.js
@@ -228,6 +228,7 @@ function session(options) {
       }
 
       if (!shouldSetCookie(req)) {
+        debug('should not set cookie');
         return;
       }
 
@@ -240,6 +241,7 @@ function session(options) {
       if (!touched) {
         // touch session
         req.session.touch()
+        debug('touch session');
         touched = true
       }
 
@@ -631,17 +633,21 @@ function hash(sess) {
 function issecure(req, trustProxy) {
   // socket is https server
   if (req.connection && req.connection.encrypted) {
+    debug('connection encrypted');
     return true;
   }
 
   // do not trust proxy
   if (trustProxy === false) {
+    debug('proxy untrusted');
     return false;
   }
 
   // no explicit trust; try req.secure from express
   if (trustProxy !== true) {
-    return req.secure === true
+    var reqSecure = req.secure === true
+    debug('request %s', reqSecure ? 'secure' : 'insecure');
+    return reqSecure
   }
 
   // read the proto from x-forwarded-proto header
@@ -651,7 +657,9 @@ function issecure(req, trustProxy) {
     ? header.substr(0, index).toLowerCase().trim()
     : header.toLowerCase().trim()
 
-  return proto === 'https';
+  var protoSecure = proto === 'https';
+  debug('protocol %s', protoSecure ? 'secure' : 'insecure');
+  return protoSecure;
 }
 
 /**