diff --git a/relay/frontend/static/functions.js b/relay/frontend/static/functions.js
index 3083f45..3f8a181 100644
--- a/relay/frontend/static/functions.js
+++ b/relay/frontend/static/functions.js
@@ -499,8 +499,7 @@ function page_login() {
 	async function login(event) {
 		const values = {
 			username: fields.username.value.trim(),
-			password: fields.password.value.trim(),
-			redir: fields.redir.value.trim()
+			password: fields.password.value.trim()
 		}
 
 		if (values.username === "" | values.password === "") {
@@ -509,14 +508,16 @@ function page_login() {
 		}
 
 		try {
-			await request("POST", "v1/login", values);
+			application = await request("POST", "v1/login", values);
 
 		} catch (error) {
 			toast(error);
 			return;
 		}
 
-		document.location = values.redir;
+		const max_age = 60 * 60 * 24 * 30;
+		document.cookie = `user-token=${application.token};Secure;SameSite=Strict;Domain=${document.location.host};MaxAge=${max_age}`;
+		document.location = fields.redir.value.trim();
 	}
 
 
diff --git a/relay/views/api.py b/relay/views/api.py
index 089fcdf..7769cdd 100644
--- a/relay/views/api.py
+++ b/relay/views/api.py
@@ -181,7 +181,16 @@ async def handle_login(
 
 		application = s.put_app_login(user)
 
-	return objects.Application.from_row(application)
+	return objects.Application(
+		application.client_id,
+		application.client_secret,
+		application.name,
+		application.website,
+		application.redirect_uri,
+		application.token,
+		application.created,
+		application.accessed
+	)
 
 
 @Route(HttpMethod.GET, "/api/v1/app", "Application", True)