diff --git a/src/controllers/AuthController.ts b/src/controllers/AuthController.ts
index c2002a3..1d7418a 100644
--- a/src/controllers/AuthController.ts
+++ b/src/controllers/AuthController.ts
@@ -1,4 +1,4 @@
-import { Body, JsonController, Post } from 'routing-controllers';
+import { Body, JsonController, Post, Res } from 'routing-controllers';
 import { OpenAPI, ResponseSchema } from 'routing-controllers-openapi';
 import { IllegalJWTError, InvalidCredentialsError, JwtNotProvidedError, PasswordNeededError, RefreshTokenCountInvalidError, UsernameOrEmailNeededError } from '../errors/AuthError';
 import { UserNotFoundError } from '../errors/UserErrors';
@@ -21,10 +21,13 @@ export class AuthController {
 	@ResponseSchema(PasswordNeededError)
 	@ResponseSchema(InvalidCredentialsError)
 	@OpenAPI({ description: 'Create a new access token object' })
-	async login(@Body({ validate: true }) createAuth: CreateAuth) {
+	async login(@Body({ validate: true }) createAuth: CreateAuth, @Res() response: any) {
 		let auth;
 		try {
 			auth = await createAuth.toAuth();
+			response.cookie('lfk_backend__refresh_token', auth.refresh_token, { maxAge: 900000, httpOnly: true });
+			response.cookie('lfk_backend__refresh_token_expires_at', auth.refresh_token_expires_at, { maxAge: 900000, httpOnly: true });
+			return response.send(auth)
 		} catch (error) {
 			throw error;
 		}