diff --git a/server/handlers/authorize.go b/server/handlers/authorize.go
index e0ba477..c9b5a46 100644
--- a/server/handlers/authorize.go
+++ b/server/handlers/authorize.go
@@ -275,7 +275,7 @@ func AuthorizeHandler() gin.HandlerFunc {
 			sessionstore.RemoveState(sessionToken)
 			sessionstore.SetState(authToken.FingerPrintHash, authToken.FingerPrint+"@"+user.ID)
 			sessionstore.SetState(authToken.AccessToken.Token, authToken.FingerPrint+"@"+user.ID)
-
+			cookie.SetSession(gc, authToken.FingerPrintHash)
 			expiresIn := int64(1800)
 
 			// used of query mode
@@ -294,9 +294,6 @@ func AuthorizeHandler() gin.HandlerFunc {
 				res["refresh_token"] = authToken.RefreshToken.Token
 				params += "&refresh_token=" + authToken.RefreshToken.Token
 				sessionstore.SetState(authToken.AccessToken.Token, authToken.FingerPrint+"@"+user.ID)
-			} else {
-				// set session if not offline access
-				cookie.SetSession(gc, authToken.FingerPrintHash)
 			}
 
 			if isQuery {
diff --git a/server/handlers/oauth_callback.go b/server/handlers/oauth_callback.go
index cb9eab6..2d7a268 100644
--- a/server/handlers/oauth_callback.go
+++ b/server/handlers/oauth_callback.go
@@ -158,7 +158,7 @@ func OAuthCallbackHandler() gin.HandlerFunc {
 		sessionstore.SetState(authToken.AccessToken.Token, authToken.FingerPrint+"@"+user.ID)
 
 		if authToken.RefreshToken != nil {
-			params = params + `&refresh_token=${refresh_token}`
+			params = params + `&refresh_token=` + authToken.RefreshToken.Token
 			sessionstore.SetState(authToken.AccessToken.Token, authToken.FingerPrint+"@"+user.ID)
 		}