diff --git a/src/server/rest.rs b/src/server/rest.rs
index 1a7831cc..d9263778 100644
--- a/src/server/rest.rs
+++ b/src/server/rest.rs
@@ -295,8 +295,6 @@ fn get_index() ->  BoxFut {
     let resp = Response::builder()
         .status(StatusCode::OK)
         .header(header::CONTENT_TYPE, "text/html")
-        // emulate succssful login, so that Proxmox:Utils.authOk() returns true
-        .header(header::SET_COOKIE, "PBSAuthCookie=\"XXX\"") // fixme: remove
         .body(index.into())
         .unwrap();
 
diff --git a/www/Utils.js b/www/Utils.js
index 258136a1..cbd53122 100644
--- a/www/Utils.js
+++ b/www/Utils.js
@@ -9,7 +9,10 @@ Ext.define('PBS.Utils', {
     updateLoginData: function(data) {
 	Proxmox.CSRFPreventionToken = data.CSRFPreventionToken;
 	Proxmox.UserName = data.username;
-	Ext.util.Cookies.set('PBSAuthCookie', data.ticket, null, '/', null, true );
+	console.log(data.ticket);
+	// fixme: use secure flag once we have TLS
+	//Ext.util.Cookies.set('PBSAuthCookie', data.ticket, null, '/', null, true );
+	Ext.util.Cookies.set('PBSAuthCookie', data.ticket, null, '/', null, false);
     },
 
     constructor: function() {