diff --git a/src/runtime/server/lib/atproto/bluesky.ts b/src/runtime/server/lib/atproto/bluesky.ts
index 0b5495f..2125081 100644
--- a/src/runtime/server/lib/atproto/bluesky.ts
+++ b/src/runtime/server/lib/atproto/bluesky.ts
@@ -122,7 +122,12 @@ export class StateStore implements NodeSavedStateStore {
   }
 
   async set(key: string, val: NodeSavedState) {
-    setCookie(this.event, this.stateKey, btoa(JSON.stringify(val)))
+    setCookie(this.event, this.stateKey, btoa(JSON.stringify(val)), {
+      path: '/',
+      httpOnly: true,
+      secure: true,
+      sameSite: 'lax',
+    })
   }
 
   async del() {