diff --git a/src/webserver/Authentication.jl b/src/webserver/Authentication.jl
index f74b4b7d68..45644703d5 100644
--- a/src/webserver/Authentication.jl
+++ b/src/webserver/Authentication.jl
@@ -103,8 +103,7 @@ function auth_middleware(handler)
                 filter!(p -> p[1] != "Access-Control-Allow-Origin", response.headers)
                 HTTP.setheader(response, "Access-Control-Allow-Origin" => "*")
             end
-            
-            if HTTP.URI(request.target).path ∈ ("", "/")
+            if required || HTTP.URI(request.target).path ∈ ("", "/")
                 add_set_secret_cookie!(session, response)
             end
             response