diff --git a/config/settings.py b/config/settings.py
index 00b4048..41cf535 100644
--- a/config/settings.py
+++ b/config/settings.py
@@ -174,7 +174,7 @@ REST_FRAMEWORK = {
 REST_USE_JWT = True
 SIMPLE_JWT = {
- 'ACCESS_TOKEN_LIFETIME': timedelta(days=7), # minutes = 15
+ 'ACCESS_TOKEN_LIFETIME': timedelta(minutes= 15),
 'REFRESH_TOKEN_LIFETIME': timedelta(days=7),
 'ROTATE_REFRESH_TOKENS': True,
 'BLACKLIST_AFTER_ROTATION': True,
@@ -213,7 +213,7 @@ SESSION_EXPIRE_AT_BROWSER_CLOSE = True
 SESSION_COOKIE_AGE = 86400
 # https에서만 세션 쿠키가 전송 (default false) https 배포 시 true로
-SESSION_COOKIE_SECURE = False
+SESSION_COOKIE_SECURE = True
 GOOGLE_CLIENT_ID = env('GOOGLE_CLIENT_ID')
diff --git a/users/serializers.py b/users/serializers.py
index 315224f..9110442 100644
--- a/users/serializers.py
+++ b/users/serializers.py
@@ -30,6 +30,15 @@ class SetPortofolioRequiredInfoSerializer(serializers.ModelSerializer):
 model = User
 fields = ['custom_url', 'job_and_interests']
+ def validate(self, attrs):
+ custom_url = attrs.get("custom_url")
+ if custom_url and (" " in custom_url or "." in custom_url):
+ raise serializers.ValidationError({
+ "message": "하지말라면 하지 좀 마"
+ })
+ return super().validate(attrs)
 class TagUserSerializer(serializers.ModelSerializer):
 class Meta:
 model = User
diff --git a/users/views.py b/users/views.py
index f8e557e..b0a18e9 100644
--- a/users/views.py
+++ b/users/views.py
@@ -42,7 +42,7 @@ class RefreshAPIView(APIView):
 serializer = TokenRefreshSerializer(data={'refresh': refresh})
 if serializer.is_valid():
 res = Response({"access": serializer.validated_data['access']}, status=status.HTTP_200_OK)
- res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite=None, secure=not settings.DEBUG)
+ res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite=None, secure=True)
 return res
 except TokenError as e:
 return Response({"message": f"Invalid token: {e}"}, status=status.HTTP_401_UNAUTHORIZED)
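Review bot: The new `'ACCESS_TOKEN_LIFETIME'` value is written `timedelta(minutes= 15)` with a space after the `=`, which PEP 8 discourages for keyword arguments and which black/ruff would rewrite; use `'ACCESS_TOKEN_LIFETIME': timedelta(minutes=15),`. The neighbouring entries such as `'REFRESH_TOKEN_LIFETIME': timedelta(days=7)` use the compact form, so this is a consistency nit rather than a behaviour issue.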
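Review bot: `SESSION_COOKIE_SECURE = True` is now unconditional while the comment kept above it still describes a deploy-time switch ("set to true when deploying over https"), so the two disagree, and any plain-HTTP local run will have its session cookie silently withheld by the browser. Since this file already reads deployment values from the environment (`GOOGLE_CLIENT_ID = env('GOOGLE_CLIENT_ID')` just below), consider sourcing this flag the same way with a secure default, or at least rewrite the comment to `# Session cookie is only sent over HTTPS; keep True in every deployment`. If the project also relies on Django's CSRF cookie, `CSRF_COOKIE_SECURE` should be set to match, which this hunk does not show.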
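Review bot: The added `validate` only rejects a space or a `.` in `custom_url`, so values containing `/`, `?`, `#` or arbitrary non-ASCII characters still pass even though the field name suggests it ends up as a URL path segment; a character allowlist is the safer shape, e.g. `if custom_url and not re.fullmatch(r"[A-Za-z0-9_-]+", custom_url):` (with `import re` at the top of users/serializers.py). The error is raised under a generic `"message"` key with the text `"하지말라면 하지 좀 마"` ("if you're told not to, just don't"), which is unhelpful to the API client and not tied to the field; DRF convention is to key it on the field, e.g. `{"custom_url": "Only letters, digits, '-' and '_' are allowed."}`. The exact allowed set is a product decision — the point is to state it explicitly rather than enumerate two forbidden characters.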
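Review bot: `samesite=None` on the new `res.set_cookie(...)` line is the Python `None`, which Django treats as "do not emit a SameSite attribute", so browsers fall back to their default (Lax) and the refresh cookie will not accompany cross-site requests; if the frontend is served from another origin, the call needs the string `samesite="None"`, and `secure=True` is then mandatory, which this commit now guarantees. The same line appears in the GoogleLoginAPIView and LoginAPIView hunks and should change together. With `secure=not settings.DEBUG` gone from all three call sites, `settings` may no longer be referenced anywhere in users/views.py; drop the import if nothing else uses it. The enclosing method of RefreshAPIView starts before this hunk.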
@@ -93,7 +93,7 @@ class GoogleLoginAPIView(APIView):
 },
 status=status.HTTP_200_OK,
 )
- res.set_cookie("refresh", str(refresh), httponly=True, samesite=None, secure=not settings.DEBUG)
+ res.set_cookie("refresh", str(refresh), httponly=True, samesite=None, secure=True)
 return res
 else:
 return Response(
@@ -154,7 +154,7 @@ class LoginAPIView(APIView):
 },
 status=status.HTTP_200_OK,
 )
- res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite=None, secure=not settings.DEBUG)
+ res.set_cookie("refresh", serializer.validated_data['refresh'], httponly=True, samesite=None, secure=True)
 return res
 else:
 return Response(serializer.errors)
@@ -206,7 +206,7 @@ class SetPortofolioRequiredInfoAPIView(APIView):
 def patch(self, request):
 user = request.user
 serializer = SetPortofolioRequiredInfoSerializer(user, data=request.data)
- if serializer.is_valid():
+ if serializer.is_valid(raise_exception=True):
 serializer.save()
 user.is_custom_url = True
 user.save()
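Review bot: With `serializer.is_valid(raise_exception=True)` the `if` can no longer be false, so the guarded block should be flattened, and any `else:` branch returning `serializer.errors` further down in `patch` (outside this hunk) is now dead code. The flag is also persisted with a second write — `user.is_custom_url = True` then `user.save()` right after `serializer.save()` — which a ModelSerializer can fold into the same update via `serializer.save(is_custom_url=True)`, assuming `is_custom_url` is a model field on `User`. The rest of `patch` continues past the end of the hunk.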