diff --git a/src/Util/HttpUtil.php b/src/Util/HttpUtil.php
index c70a034..cc597ad 100644
--- a/src/Util/HttpUtil.php
+++ b/src/Util/HttpUtil.php
@@ -11,6 +11,7 @@
 use AnzuSystems\AuthBundle\Exception\NotFoundAccessTokenException;
 use AnzuSystems\AuthBundle\Helper\ConditionHelper;
 use AnzuSystems\AuthBundle\Model\RefreshTokenDto;
+use DateTimeImmutable;
 use Lcobucci\JWT\Encoding\JoseEncoder;
 use Lcobucci\JWT\Token;
 use Lcobucci\JWT\Token\Parser;
@@ -88,7 +89,7 @@ public function grabDeviceIdFromRequest(Request $request): string
 /**
 * @throws InvalidJwtException
 */
- public function storeJwtOnResponse(Response $response, Token $token): void
+ public function storeJwtOnResponse(Response $response, Token $token, DateTimeImmutable $expiresAt = null): void
 {
 $rawToken = $token->toString();
 [$header, $claims, $signature] = explode('.', $rawToken, 3);
@@ -97,16 +98,17 @@ public function storeJwtOnResponse(Response $response, Token $token): void
 throw InvalidJwtException::create($rawToken);
 }
 
+ $lifetime = $expiresAt?->getTimestamp() ?? $this->jwtConfiguration->getLifetime();
 $payloadCookie = $this->createCookie(
 $this->cookieConfiguration->getJwtPayloadCookieName(),
 $header . '.' . $claims,
- $this->jwtConfiguration->getLifetime(),
+ $lifetime,
 false
 );
 $signatureCookie = $this->createCookie(
 $this->cookieConfiguration->getJwtSignatureCookieName(),
 $signature,
- $this->jwtConfiguration->getLifetime()
+ $lifetime
 );
 $refreshTokenExistenceCookie = $this->createCookie(
 $this->cookieConfiguration->getRefreshTokenExistenceCookieName(),
diff --git a/src/Util/JwtUtil.php b/src/Util/JwtUtil.php
index 52b74fd..91f8467 100644
--- a/src/Util/JwtUtil.php
+++ b/src/Util/JwtUtil.php
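Review bot: The new parameter `DateTimeImmutable $expiresAt = null` relies on implicit nullability, which PHP 8.4 deprecates; declare it as `?DateTimeImmutable $expiresAt = null`. The same applies to `JwtUtil::create()` further down this diff. The existing `@throws InvalidJwtException` docblock should also gain a line stating what the new argument does, e.g. `@param DateTimeImmutable|null $expiresAt Expiry applied to the JWT cookies; null falls back to the configured lifetime`. storeJwtOnResponse's body continues past the end of this hunk.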
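Review bot: The added `$lifetime` line mixes two units: `$expiresAt->getTimestamp()` is an absolute Unix timestamp, while `jwtConfiguration->getLifetime()` is a relative number of seconds (JwtUtil in this same diff uses it as `+%d seconds`), yet both are handed to `createCookie()` as the same argument. `createCookie()` is defined outside this hunk, but whichever meaning it expects one branch is wrong: an absolute timestamp read as seconds makes the JWT payload and signature cookies outlive the token by decades, and a relative lifetime read as a timestamp expires them immediately. If the third argument is a relative lifetime, compute it as `$lifetime = $expiresAt === null ? $this->jwtConfiguration->getLifetime() : max(0, $expiresAt->getTimestamp() - time());`. It would be safer still to derive the cookie lifetime from the token's own `exp` claim rather than a separate parameter, so the cookie and the token cannot drift apart. storeJwtOnResponse continues past the end of the hunk.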
@@ -33,7 +33,7 @@ public function __construct(
 *
 * @throws MissingConfigurationException
 */
- public function create(string $userIdentifier, DateTimeImmutable $expiresAt = null): Plain
+ public function create(string $authId, DateTimeImmutable $expiresAt = null): Plain
 {
 $privateCert = $this->jwtConfiguration->getPrivateCert();
 
@@ -46,7 +46,7 @@ public function create(string $userIdentifier, DateTimeImmutable $expiresAt = nu
 ->issuedAt(new DateTimeImmutable())
 ->canOnlyBeUsedAfter(new DateTimeImmutable())
 ->expiresAt($expiresAt ?: new DateTimeImmutable(sprintf('+%d seconds', $this->jwtConfiguration->getLifetime())))
- ->relatedTo($userIdentifier)
+ ->relatedTo($authId)
 ->getToken(
 $this->jwtConfiguration->getAlgorithm()->signer(),
 InMemory::plainText($privateCert)
diff --git a/src/Util/StatelessTokenUtil.php b/src/Util/StatelessTokenUtil.php
index 6276e86..8ef07cc 100644
--- a/src/Util/StatelessTokenUtil.php
+++ b/src/Util/StatelessTokenUtil.php
@@ -16,9 +16,9 @@ public function __construct(
 
 public function createForRequest(Request $request): string
 {
- return base64_encode(PasswordHelper::passwordHash(
+ return urldecode(base64_encode(PasswordHelper::passwordHash(
 $this->createPlainForRequest($request)
- ));
+ )));
 }
 
 /**
@@ -28,7 +28,7 @@ public function isValidForRequest(Request $request, string $hash): bool
 {
 $token = $this->createPlainForRequest($request);
 
- return password_verify($token, base64_decode($hash, strict: true));
+ return password_verify($token, urldecode(base64_decode($hash, strict: true)));
 }
 
 /**
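Review bot: Wrapping the result in `urldecode()` corrupts the token rather than making it URL-safe: the base64 alphabet contains `+`, which `urldecode()` turns into a space, and `%` never occurs in base64 output, so the call can only damage the value. A token with a space where `+` used to be no longer decodes to the original hash (strict `base64_decode()` at best drops the space), so `isValidForRequest()` will reject every token whose encoding happened to contain a `+`. If the goal is a URL-safe token, use URL-safe base64 instead, `return rtrim(strtr(base64_encode(PasswordHelper::passwordHash($this->createPlainForRequest($request))), '+/', '-_'), '=');`, and reverse the substitution in the verifier. Note also that `urldecode()` is the decoding direction; the encoding counterpart would have been `rawurlencode()`.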
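Review bot: `urldecode()` is applied to the wrong value in the new `return`: it runs on the bytes produced by `base64_decode()`, i.e. the stored password hash, which contains neither `%` nor `+`, so the call is a no-op and does not undo whatever transformation `createForRequest()` applied to the base64 text. If the encoder switches to URL-safe base64, the matching decode is `base64_decode(strtr($hash, '-_', '+/'), strict: true)`. `base64_decode()` also returns `false` for malformed input, and passing `false` to `password_verify()` is a TypeError under `strict_types` (or a silent compare against an empty string without it); assign the decoded value to a local and `return false` when it is `false` before calling `password_verify()`. isValidForRequest's signature is on the line before this hunk.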