diff --git a/public/lucidAuth.setXDomainCookie.php b/public/lucidAuth.setXDomainCookie.php
index 20835e4..409f524 100644
--- a/public/lucidAuth.setXDomainCookie.php
+++ b/public/lucidAuth.setXDomainCookie.php
@@ -31,6 +31,8 @@
 }))[0];
 if (($cookieDomain && (is_null($httpOrigin) || $originDomain)) && setcookie('JWT', $queryString['token'], (time() + $settings->Session['Duration']), '/', '.' . $cookieDomain)) {
 header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
+ header('Access-Control-Allow-Credentials: true');
+ header('Access-Control-Max-Age: 86400');
 header("HTTP/1.1 202 Accepted");
 exit;
 }
diff --git a/public/misc/script.index.js b/public/misc/script.index.js
index 6c84779..effe79c 100644
--- a/public/misc/script.index.js
+++ b/public/misc/script.index.js
@@ -43,6 +43,9 @@ console.log('CrossDomainLogin initiated');
 XHR.push($.get({
 url: "https://auth." + domain + "/lucidAuth.setXDomainCookie.php",
 crossDomain: true,
+ xhrFields: {
+ withCredentials: true,
+ },
 data: {
 ref: btoa(JSON.stringify({
 action: 'login',
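Review bot: Adding `Access-Control-Allow-Credentials: true` beside an `Access-Control-Allow-Origin` that echoes `$_SERVER['HTTP_ORIGIN']` leaves the `$originDomain` match as the only barrier between an arbitrary website and a credentialed request to this endpoint. That match is computed above the hunk, so confirm it is an exact comparison against the configured domains and not a substring or suffix test. The branch is also entered when `is_null($httpOrigin)`, where the echoed origin is presumably empty; wrapping the CORS headers in `if (!is_null($httpOrigin)) { … }` avoids sending a blank allow-origin together with the credentials flag. Because the allowed origin now varies per request, add `header('Vary: Origin');`. Note also that `Access-Control-Max-Age` is only honoured on preflight responses, and that the `setcookie()` call in the condition passes no secure or httponly arguments.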
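Review bot: The new `xhrFields` block has no comment explaining why credentials are needed, and the reason is not obvious: without `withCredentials: true` the browser discards the `Set-Cookie` on this cross-origin response, so the JWT cookie is never stored. I would add `// required so the browser keeps the JWT cookie set by the cross-origin auth host` above `xhrFields`. Because this is a `$.get`, everything under `data` is serialised into the URL; the object continues outside the hunk, but if the token travels inside `ref` it will end up in access logs and browser history, so sending it as a POST body is worth considering. The flag also makes the browser attach any existing cookies for the auth host, which stays safe only while the server restricts `Access-Control-Allow-Origin` to known origins.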