diff --git a/src/forward.rs b/src/forward.rs
index 22a828a..bb4d859 100644
--- a/src/forward.rs
+++ b/src/forward.rs
@@ -145,6 +145,7 @@ pub struct CsrfToken {

 pub async fn forward_login(
 req: HttpRequest,
+ s: Session,
 params: web::Path,
 client: web::Data,
 dbpool: web::Data,
@@ -162,6 +163,7 @@ pub async fn forward_login(
 crash(get_lang(&req), "error_forwardlogin_db")
 })?;

+ let moved_token = params.token.clone();
 // check if the link exists in DB. if it does, update lastvisit_at.
 let formdata = web::block(move || Form::get_from_token(¶ms.token, &conn))
 .await
@@ -174,6 +176,12 @@ pub async fn forward_login(
 crash(get_lang(&req), "error_forwardlogin_notfound")
 })?;

+ // copy the token in cookies.
+ s.set("sncf_admin_token", &moved_token).map_err(|e| {
+ eprintln!("error_login_setcookie (in login): {}", e);
+ crash(get_lang(&req),"error_login_setcookie")
+ })?;
+
 // if the user is already logged in, skip the login process
 // we don't care if someone edits their cookies, Nextcloud will properly
 // check them anyway
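Review bot: The new extractor parameter in the first hunk is named `s`, which reads poorly next to `req`, `params`, `client` and `dbpool`; `session: Session,` would match them and make the later `s.set(...)` call self-explanatory. The same naming problem applies to `moved_token` in the second hunk: it is the copy that is kept, while `params` is what gets moved into the `web::block` closure. Something like `let admin_token = params.token.clone(); // params is moved into the blocking closure below` says what actually happens. The signature and body of forward_login continue outside these hunks.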
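Review bot: The admin token is written into the session at `s.set("sncf_admin_token", &moved_token)` in the third hunk, and the comment says that means a cookie, so its confidentiality now rests on session middleware settings that are not visible in this diff. The ordering is right, since the write only happens after the DB lookup has confirmed the token, but a cookie session that is only signed would leave the value readable on the client and in anything that records cookies, so the store should be encrypted (actix-session's `CookieSession::private` if that backend is in use) with Secure and HttpOnly set. I would record that next to the call, e.g. `// token validated by the lookup above; session cookie must be encrypted, Secure and HttpOnly`. Minor: `crash(get_lang(&req),"error_login_setcookie")` is missing the space after the comma that rustfmt would add. forward_login's body continues outside the hunk.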