diff --git a/src/api/routes/mod.rs b/src/api/routes/mod.rs
index 7a0f7e1..a9c82f9 100644
--- a/src/api/routes/mod.rs
+++ b/src/api/routes/mod.rs
@@ -9,12 +9,12 @@ pub mod user;
 pub fn fuel(rocket: Rocket) -> Rocket {
     let mut rocket = rocket;
 
-    let mut cors_options = CorsOptions::default();
+    let mut cors_options = CorsOptions::default().allow_credentials(true);
     cors_options.expose_headers.insert("Set-Cookie".to_owned());
-    cors_options.allow_credentials(true);
+    let cors = cors_options.to_cors().unwrap();
 
     rocket = health::fuel(rocket);
     rocket = paste::fuel(rocket);
     rocket = user::fuel(rocket);
-    rocket.attach(cors_options.to_cors().unwrap())
+    rocket.attach(cors)
 }
diff --git a/src/utils/users.rs b/src/utils/users.rs
index 198a3a9..b5290f1 100644
--- a/src/utils/users.rs
+++ b/src/utils/users.rs
@@ -10,6 +10,7 @@ pub fn get_session_id(ck: &mut Cookies) -> String {
             let cookie = Cookie::build("session", user_id.clone())
                 .domain(".katb.in")
                 .same_site(SameSite::Lax)
+                .secure(true)
                 .permanent()
                 .finish();
             ck.add_private(cookie);