diff --git a/app.js b/app.js
index 01700f82..cf6186ad 100644
--- a/app.js
+++ b/app.js
@@ -1,6 +1,8 @@
 const path = require("path");
 const express = require("express");
 const bodyParser = require("body-parser");
+const cookieParser = require("cookie-parser");
+const common = require("./common");
 const app = express();
 //Declare all Routes here
@@ -22,6 +24,7 @@ const switchRoutes = require("./routes/switch");
 const baseHref = '/rtl/';
 const apiRoot = baseHref + 'api/';
+app.use(cookieParser(common.cookieParserSecret));
 app.use(bodyParser.json());
 app.use(bodyParser.urlencoded({ extended: false }));
 app.use(baseHref, express.static(path.join(__dirname, "angular")));
diff --git a/common.js b/common.js
index 880941fe..18d7442e 100644
--- a/common.js
+++ b/common.js
@@ -1,3 +1,5 @@
+var crypto = require('crypto');
+
 var common = {};
 common.port = 3000;
@@ -14,6 +16,7 @@ common.rtl_sso = 0;
 common.rtl_cookie_path = '';
 common.logout_redirect_link = '/login';
 common.cookie = '';
+common.cookieParserSecret = crypto.randomBytes(64).toString('hex');
 common.convertToBTC = (num) => {
 return (num / 100000000).toFixed(6);
diff --git a/connect.js b/connect.js
index 723ab43a..d94fc0ee 100644
--- a/connect.js
+++ b/connect.js
@@ -1,4 +1,5 @@
 var fs = require('fs');
+var crypto = require('crypto');
 var clArgs = require('optimist').argv;
 var ini = require('ini');
 var common = require('./common');
@@ -205,7 +206,7 @@ const readCookie = (cookieFile) => {
 try {
 var dirname = path.dirname(cookieFile);
 createDirectory(dirname);
- fs.writeFileSync(cookieFile, String.random(50));
+ fs.writeFileSync(cookieFile, crypto.randomBytes(64).toString('hex'));
 common.cookie = fs.readFileSync(cookieFile, 'utf-8');
 } catch(err) {
diff --git a/controllers/authenticate.js b/controllers/authenticate.js
index 252ff2db..9e8a5d4a 100644
--- a/controllers/authenticate.js
+++ b/controllers/authenticate.js
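Review bot: `common.cookieParserSecret = crypto.randomBytes(64).toString('hex');` is generated afresh every time the process starts, and nothing records that this is deliberate, so a later maintainer may try to persist or share it. A comment on that line such as `// Per-process secret for cookie-parser's signed cookies; regenerated on every start, so a signed cookie issued by a previous process or by another instance fails verification.` would make the scope explicit. That behaviour appears acceptable here because the only signed cookie is the access-key cookie that is set on `/cookie` and cleared on the next login request, but a multi-instance deployment would need a shared secret instead.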
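Review bot: `fs.writeFileSync(cookieFile, crypto.randomBytes(64).toString('hex'));` creates the cookie file with Node's default mode (0o666 masked by the umask), so the secret that `common.cookie` is later compared against is typically readable by every local account on the host. Pass the mode as the third argument so only the RTL user can read it: `fs.writeFileSync(cookieFile, crypto.randomBytes(64).toString('hex'), { mode: 0o600 });`. The mode only applies when the file is created, so a file left behind by an earlier run keeps whatever permissions it already has. readCookie's body starts and ends outside the hunk.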
@@ -6,10 +6,30 @@ var upperCase = require('upper-case');
 var atob = require('atob');
 var logger = require('./logger');
+exports.authenticateUserWithCookie = (req, res, next) => {
+ if(+common.rtl_sso) {
+ res.cookie('access-key', req.query['access-key'], { signed: true, httpOnly: true, sameSite: true, secure: true });
+ res.set(
+ {
+ 'Cache-Control': 'private, no-cache'
+ }
+ );
+ res.redirect(301, '/rtl/');
+ }
+ else
+ {
+ res.status(404).json({
+ message: "Login Failure!",
+ error: "SSO not available"
+ });
+ }
+};
+
 exports.authenticateUser = (req, res, next) => {
- password = atob(req.body.password);
 if(+common.rtl_sso) {
- if (common.cookie === password) {
+ const access_key = req.cookies['access-key'];
+ res.clearCookie("access-key");
+ if (common.cookie === access_key) {
 const token = jwt.sign(
 { user: 'Custom_User', lndConfigPath: common.lnd_config_path, macaroonPath: common.macaroon_path },
 'default_secret_key'
@@ -22,6 +42,7 @@ exports.authenticateUser = (req, res, next) => {
 });
 }
 } else {
+ password = atob(req.body.password);
 if(upperCase(common.node_auth_type) === 'CUSTOM') {
 if (common.rtl_pass === password) {
 var rpcUser = 'Custom_User';
diff --git a/package-lock.json b/package-lock.json
index b2c3766a..81faa501 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -2724,6 +2724,15 @@
 "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.3.1.tgz",
 "integrity": "sha1-5+Ch+e9DtMi6klxcWpboBtFoc7s="
 },
+ "cookie-parser": {
+ "version": "1.4.4",
+ "resolved": "https://registry.npmjs.org/cookie-parser/-/cookie-parser-1.4.4.tgz",
+ "integrity": "sha512-lo13tqF3JEtFO7FyA49CqbhaFkskRJ0u/UAiINgrIXeRCY41c88/zxtrECl8AKH3B0hj9q10+h3Kt8I7KlW4tw==",
+ "requires": {
+ "cookie": "0.3.1",
+ "cookie-signature": "1.0.6"
+ }
+ },
 "cookie-signature": {
 "version": "1.0.6",
 "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
diff --git a/package.json b/package.json
index 02a1b28e..a5fe91c9 100644
--- a/package.json
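Review bot: `const access_key = req.cookies['access-key'];` in authenticateUser will not see the cookie that authenticateUserWithCookie sets with `signed: true`: cookie-parser verifies signed cookies into `req.signedCookies` and removes them from `req.cookies`, so `access_key` is undefined and the SSO comparison on the following line can never succeed. Read it as `const access_key = req.signedCookies['access-key'];`, treat the `false` that cookie-parser yields for a bad signature as a failure, and since `common.cookie` is a secret compare it with `crypto.timingSafeEqual` on equal-length buffers rather than `===`. In authenticateUserWithCookie, `res.redirect(301, '/rtl/')` declares a redirect away from a URL carrying the access key to be permanent and cacheable, so `res.redirect(302, '/rtl/')` is the right status, and `req.query['access-key']` should be required to be a non-empty string before `res.cookie` stores it, because Express's query parser can hand back undefined, an array or an object. The `secure: true` option means browsers discard the cookie on plain-HTTP deployments and the SSO login then fails silently, which deserves a comment on the `res.cookie` line such as `// secure: true — the cookie is only stored when RTL is served over HTTPS`. authenticateUser's body continues outside the hunk.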
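Review bot: `password = atob(req.body.password);` assigns an identifier that is never declared, so in sloppy mode it becomes a global shared by every request on the process and under strict mode it throws a ReferenceError; now that the SSO branch no longer reads it, `const password = atob(req.body.password);` scoped to this else block looks sufficient, though the rest of the branch lies outside the hunk. It is also worth checking that `req.body.password` is a string before decoding it, since `atob` does not validate its input and a missing field decodes to garbage rather than failing. authenticateUser's body starts and ends outside the hunk.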
+++ b/package.json
@@ -34,6 +34,7 @@
 "angular-user-idle": "^2.0.0",
 "angularx-qrcode": "^1.5.3",
 "atob": "^2.1.2",
+ "cookie-parser": "^1.4.4",
 "core-js": "^2.5.4",
 "express": "^4.16.4",
 "hammerjs": "^2.0.8",
diff --git a/routes/authenticate.js b/routes/authenticate.js
index 21084780..cf68e15f 100644
--- a/routes/authenticate.js
+++ b/routes/authenticate.js
@@ -2,6 +2,7 @@ const AuthenticateController = require("../controllers/authenticate");
 const express = require("express");
 const router = express.Router();
+router.get("/cookie", AuthenticateController.authenticateUserWithCookie);
 router.post("/", AuthenticateController.authenticateUser);
 module.exports = router;
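Review bot: `router.get("/cookie", AuthenticateController.authenticateUserWithCookie);` receives the SSO access key in a GET query string, where it is recorded in access logs, reverse-proxy logs and browser history, and nothing in the change documents that trade-off. As far as the connect.js hunk shows, `common.cookie` is read from the cookie file once and is not rotated after a login, so a recorded URL stays usable until that file is regenerated. A comment on this line such as `// SSO entry: the access key arrives as ?access-key=… (visible in logs and history), is moved into a signed httpOnly cookie and redeemed by POST /` would make that explicit, and accepting the key in a POST body or header would keep it out of URLs if the SSO side can be changed.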