diff --git a/src/routes/auth/callback.js b/src/routes/auth/callback.js
index 2860783..12c0622 100644
--- a/src/routes/auth/callback.js
+++ b/src/routes/auth/callback.js
@@ -6,6 +6,8 @@ module.exports.get = () => ({
 access_token: accessToken,
 expires_in: expiresIn,
 } = await this.discord.getAccessTokenFromAuthorizationCodeFlow(req);
+ const redirect = this.states.get(req.query.state) || '/';
+ this.states.delete(req.query.state);
 const user = await (await fetch('https://discordapp.com/api/users/@me', { headers: { 'Authorization': `Bearer ${accessToken}` } })).json();
 const token = this.jwt.sign({
 accessToken,
@@ -16,16 +18,14 @@ module.exports.get = () => ({
 locale: user.locale,
 username: user.username,
 });
- res
- .setCookie('token', token, {
- domain,
- httpOnly: true,
- maxAge: expiresIn,
- path: '/',
- sameSite: true,
- secure: false,
- })
- .redirect(this.states.get(req.query.state) || '/');
- this.states.delete(req.query.state);
+ res.setCookie('token', token, {
+ domain,
+ httpOnly: true,
+ maxAge: expiresIn,
+ path: '/',
+ sameSite: 'Lax',
+ secure: false,
+ });
+ return res.redirect(303, redirect);
 },
});
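Review bot: The added `|| '/'` fallback on the `this.states.get(req.query.state)` line means a callback that arrives with a missing or unknown `state` still completes the login and gets the session cookie, so the state map no longer ties this response to a login that this browser started (login CSRF), unless `getAccessTokenFromAuthorizationCodeFlow` validates the state internally, which is not visible here. I would reject instead of defaulting, and do it before the code is exchanged rather than after: `const redirect = this.states.get(req.query.state); if (redirect === undefined) return res.code(400).send('Invalid OAuth state'); this.states.delete(req.query.state);` (adapt the 400 reply to the framework in use). The stored redirect is set wherever `this.states` is populated, outside this diff, so it is also worth confirming there that only same-origin paths are accepted, otherwise this becomes an open redirect after login. The handler this hunk belongs to starts before the hunk and continues past it.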
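Review bot: The rewritten `setCookie` call still sets `secure: false` on the `token` cookie even though the commit revisited these options (`sameSite` became `'Lax'`), and the JWT inside it carries the Discord `accessToken` signed a few lines above, so that bearer token can be sent over plain HTTP. I would set `secure: true,` here, or `secure: process.env.NODE_ENV === 'production',` if local HTTP development must keep working, with the comment `// JWT wraps a Discord bearer token; never send it over plain HTTP`. The `sameSite: 'Lax'` change is what lets the cookie be sent on the navigation that follows the redirect back from Discord, so that part looks right. The enclosing handler starts before this hunk.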