diff --git a/main b/main
index 7b15574..1cafa25 100644
--- a/main
+++ b/main
@@ -663,8 +663,8 @@ async def login():
 conn.close()
 response = Response("""""")
- response.set_cookie("session_DO_NOT_SHARE", randomCharacters)
- response.set_cookie("legacy_migrate", "1")
+ response.set_cookie("session_DO_NOT_SHARE", randomCharacters, samesite="Strict", secure=True)
+ response.set_cookie("legacy_migrate", "1", samesite="Strict", secure=True)
 return response
 #resp = await make_response(redirect("/"))
diff --git a/templates/migrate.html b/templates/migrate.html
index 8355cf4..90ea53a 100644
--- a/templates/migrate.html
+++ b/templates/migrate.html
@@ -121,7 +121,7 @@
 .then((response) => {
 async function doStuff2() {
 if (response.status == 200) {
-document.cookie = 'legacy_migrate=; Max-Age=0; path=/;"
+ document.cookie = "legacy_migrate=; Max-Age=0; path=/;"
 window.location.replace("/")
 } else {
 document.getElementById("text").innerText = "Failed: " + key["error"]
diff --git a/templates/oauth.html b/templates/oauth.html
index 206a30e..a39a303 100644
--- a/templates/oauth.html
+++ b/templates/oauth.html
@@ -59,7 +59,7 @@ function cuser_authorize() {
- document.cookie = "prefuser" + "=" + window.prompt("Choose your custom username (cannot be longer than 20 characters)") + "; expires=Session" + "; path=/" + "; samesite=Strict";
+ document.cookie = "prefuser" + "=" + window.prompt("Choose your custom username (cannot be longer than 20 characters)") + "; expires=Session" + "; path=/" + "; samesite=Strict; secure=true;";
 authorize()
 }
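Review bot: The `session_DO_NOT_SHARE` cookie set in login() in `main` still lacks `httponly=True`, so any script running on the origin can read the session token through `document.cookie`. If no page script needs the value after this response, the first call could become `response.set_cookie("session_DO_NOT_SHARE", randomCharacters, samesite="Strict", secure=True, httponly=True)`. `legacy_migrate` has to stay script-accessible because templates/migrate.html clears it from JavaScript, and templates/oauth.html writes the session cookie from script, which browsers refuse to do over an existing HttpOnly cookie of the same name, so that flow should be checked before flipping the flag. login() starts before this hunk and continues past it.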
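Review bot: In templates/migrate.html the failure branch reads `key["error"]`, but no `key` is declared between `async function doStuff2() {` and the status check, whereas the matching function in templates/oauth.html begins with `let key = await response.json()`. Unless `key` comes from an enclosing scope outside the hunk, the else branch throws a ReferenceError and the user never sees the error text; `const key = await response.json()` as the first statement of that branch would cover it. The deletion on the changed line only takes effect when the name and path match the cookie the server set, so a comment such as `// must match the name and path of the legacy_migrate cookie set by login()` would help the next reader. doStuff2 starts inside the hunk and ends outside it.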
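Review bot: The value returned by `window.prompt(...)` in cuser_authorize() in templates/oauth.html is concatenated into the cookie string unencoded, so a name containing `;` is cut at that character with the remainder parsed as cookie attributes, and cancelling the prompt stores the literal string `null`. Read the input into a variable, return early when it is `null` or longer than the 20 characters the prompt promises, and write `document.cookie = "prefuser=" + encodeURIComponent(name) + "; path=/; SameSite=Strict; Secure";` (the server side, not visible here, would then need to URL-decode the value). `Secure` takes no value and `expires=Session` is not a valid date, so the bare `Secure` flag with no `expires` attribute is the conventional spelling for a session cookie. The same attribute string appears in the `session_DO_NOT_SHARE` hunk at line 137 of this file.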
@@ -137,7 +137,7 @@
 async function doStuff2() {
 let key = await response.json()
 if (response.status == 200) {
- document.cookie = "session_DO_NOT_SHARE" + "=" + (key["key"] || "") + "; expires=Session" + "; path=/" + "; samesite=Strict";
+ document.cookie = "session_DO_NOT_SHARE" + "=" + (key["key"] || "") + "; expires=Session" + "; path=/" + "; samesite=Strict; secure=true;"
 window.location.replace("/")
 } else if (response.status == 422) {
 document.getElementById("text").innerText = "Username taken. Migrate or choose a new custom username!"
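Review bot: Because `session_DO_NOT_SHARE` is written from script on the changed line, it can never carry `HttpOnly`, and the token passes through the JSON body and page JavaScript before it reaches the cookie jar. Consider having the endpoint that returns `key["key"]` set the cookie itself, the way login() in `main` does with `response.set_cookie`, and adding `httponly=True` there so this assignment can be dropped; that endpoint is not visible in this diff, so treat this as something to verify. Separately, `(key["key"] || "")` stores an empty session value and still redirects when a 200 response carries no key; a guard such as `if (!key["key"]) { document.getElementById("text").innerText = "Login failed"; return }` before the assignment would avoid that. doStuff2 continues past the end of the hunk.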