Play! Framework on Heroku: validation.keep() isn't working over HTTPS
There is currently an incompatibility in the ssl (x-forwarded-proto) support for play on heroku that causes all requests to be considered insecure.
So maybe this is related to the cookies your browser is sending back?