diff --git a/copanier/__init__.py b/copanier/__init__.py
index 4d9ffe5..b2916c6 100644
--- a/copanier/__init__.py
+++ b/copanier/__init__.py
@@ -144,7 +144,9 @@ async def set_sesame(request, response, token):
         response.message("Sésame invalide :(", status="error")
     else:
         response.message("Yay! Le sésame a fonctionné. Bienvenue à bord! :)")
-        response.cookies.set(name="token", value=token)
+        response.cookies.set(
+            name="token", value=token, httponly=True, max_age=60 * 60 * 24 * 7
+        )
     response.redirect = "/"