diff --git a/app/(auth)/uuid.ts b/app/(auth)/uuid.ts
index 2b5d4b4..1714f03 100644
--- a/app/(auth)/uuid.ts
+++ b/app/(auth)/uuid.ts
@@ -1,12 +1,25 @@
 import { cookies } from 'next/headers'
+import { NextResponse } from 'next/server'
 import type { Session } from '@supabase/supabase-js'
-import type { NextResponse } from 'next/server'
 const cookieName = 'user_uuid'
 export const getUuid = () => cookies().get(cookieName)?.value ?? undefined
-export const setUuid = (res: NextResponse, session: Session): NextResponse => {
- res.cookies.set(cookieName, session.user.id)
- return res
+export const setUuidWithHeaders = (
+ headers: Headers,
+ session: Session
+): Headers => {
+ headers.append(
+ 'set-cookie',
+ NextResponse.next()
+ .cookies.set(cookieName, session.user.id, {
+ httpOnly: true,
+ sameSite: 'lax',
+ maxAge: 60 * 60 * 24, // 24 hours
+ path: '/'
+ })
+ .toString()
+ )
+ return headers
 }
diff --git a/middleware.ts b/middleware.ts
index 863ed88..7e9d506 100644
--- a/middleware.ts
+++ b/middleware.ts
@@ -1,6 +1,6 @@
-import { NextResponse, type NextRequest } from 'next/server'
+import { NextResponse, NextRequest } from 'next/server'
 import { createClient } from '@/(auth)/supabase/middleware'
-import { setUuid } from '@/(auth)/uuid'
+import { setUuidWithHeaders } from '@/(auth)/uuid'
 export const config = {
 matcher: [
@@ -32,12 +32,15 @@ export async function middleware(request: NextRequest) {
 request.nextUrl.pathname.startsWith('/signup')
 ) {
 if (session) {
- return setUuid(NextResponse.redirect(new URL('/', request.url)), session)
+ return NextResponse.redirect(new URL('/', request.url))
 }
 return response
 }
 if (error || !session) {
 return NextResponse.redirect(new URL(signinUri, request.url))
 }
- return setUuid(response, session)
+
+ return NextResponse.next({
+ headers: setUuidWithHeaders(new Headers(request.headers), session)
+ })
 }
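Review bot: The options passed to `cookies.set` in `setUuidWithHeaders` omit `secure`, so the `user_uuid` cookie carrying `session.user.id` can still travel over plain HTTP even though it is now `httpOnly`. Add `secure: process.env.NODE_ENV === 'production',` next to `httpOnly: true` (or plain `secure: true` if local development also runs over HTTPS). The value is also an unsigned identifier that `getUuid` returns as-is, so server code reading it should keep taking the user's identity from the verified Supabase session; those callers are not visible here. A comment above the function would record that: `// user_uuid is a convenience copy of session.user.id, not proof of identity`.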
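Review bot: `new Headers(request.headers)` in the final `NextResponse.next({ headers: ... })` copies every incoming request header into the response, because the top-level `headers` init option sets response headers (forwarded request headers go under `request: { headers }`). That echoes `cookie`, `authorization` and similar client headers back in the response, where caches and logs can pick them up, and the fresh `NextResponse.next()` also discards `response`, which presumably carries the cookies written by the Supabase `createClient` helper defined outside this hunk. Appending to the existing response avoids both: `setUuidWithHeaders(response.headers, session)` followed by `return response`. The signed-in branch for `/signin` and `/signup` now redirects without setting `user_uuid` at all; if that is intended, a one-line comment there would make it clear. The body of `middleware` starts outside the hunk.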