To enable a secure context for your SvelteKit development environment and access it from other devices (e.g., phones or tablets), you need to use HTTPS because “secure” cookies require a secure context in addition to Michael’s answer.

Create an SSL certificate for HTTPS. You can use tools like OpenSSL for this. On devices accessing your app, you’ll need to trust the self-signed certificate.

To make this work, I need these three steps:

Ports

npm run dev must not only open port 5173 on localhost, but on all addresses. This is done with a change in vite.config.ts:

import { sveltekit } from '@sveltejs/kit/vite';
import { defineConfig } from 'vite';

export default defineConfig({
  plugins: [sveltekit()],
  server: { host: '0.0.0.0', port: 5173 }
});

Browser settings

On the (Chrome) browser of the phone or tablet open

chrome://flags/#unsafely-treat-insecure-origin-as-secure 

and set it to the IP address of svkitdev in your network

http://192.168.179.41:5173

Cookies

This requires a hack in the Sveltekit code. In node_modules@sveltejskitsrcruntimeservercookie.js change

/** @type {import('cookie').CookieSerializeOptions} */
const defaults = {
    httpOnly: true,
    sameSite: 'lax',
    secure: false // MUH url.hostname === 'localhost' && url.protocol === 'http:' ? false : true
};

Another option is to host your project using a tunnel service like Cloudflare Argo or ngrok. Both support creating ephemeral, hard-to-guess domain names which support HTTPS and will forward connections to your app. These have the advantage that you can connect to your app via any Internet connection, not just the LAN network containing your development machine 1 for example, you can test your app over a cellular connection, or hand out the link to let other people test your app.