diff --git a/src/lib/server/session.ts b/src/lib/server/session.ts
index f14bafd..2efd4ff 100644
--- a/src/lib/server/session.ts
+++ b/src/lib/server/session.ts
@@ -1,4 +1,5 @@
 import { db } from "./db";
+import { dev } from "$app/environment";
 import { encodeBase32, encodeHexLowerCase } from "@oslojs/encoding";
 import { sha256 } from "@oslojs/crypto/sha2";
@@ -54,20 +55,16 @@ export function invalidateUserSessions(userId: number): void {
 export function setSessionTokenCookie(event: RequestEvent, token: string, expiresAt: Date): void {
 event.cookies.set("session", token, {
- httpOnly: true,
 path: "/",
- secure: import.meta.env.PROD,
- sameSite: "lax",
+ secure: !dev || event.url.protocol === "https",
 expires: expiresAt
 });
 }
 export function deleteSessionTokenCookie(event: RequestEvent): void {
 event.cookies.set("session", "", {
- httpOnly: true,
 path: "/",
- secure: import.meta.env.PROD,
- sameSite: "lax",
+ secure: !dev || event.url.protocol === "https",
 maxAge: 0
 });
 }
diff --git a/src/routes/login/github/+server.ts b/src/routes/login/github/+server.ts
index f95cea5..f8ce4f8 100644
--- a/src/routes/login/github/+server.ts
+++ b/src/routes/login/github/+server.ts
@@ -1,4 +1,6 @@
+import { dev } from "$app/environment";
 import { github } from "$lib/server/oauth";
+import { redirect } from "@sveltejs/kit";
 import { generateState } from "arctic";
 import type { RequestEvent } from "./$types";
@@ -8,17 +10,10 @@ export function GET(event: RequestEvent): Response {
 const url = github.createAuthorizationURL(state, ["user:email"]);
 event.cookies.set("github_oauth_state", state, {
- httpOnly: true,
 maxAge: 60 * 10,
- secure: import.meta.env.PROD,
- path: "/",
- sameSite: "lax"
+ secure: !dev || event.url.protocol === "https",
+ path: "/"
 });
- return new Response(null, {
- status: 302,
- headers: {
- Location: url.toString()
- }
- });
+ redirect(307, url.toString());
 }
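Review bot: `event.url.protocol === "https"` in the two new `secure:` lines of setSessionTokenCookie and deleteSessionTokenCookie can never be true, because the WHATWG `URL.protocol` getter includes the trailing colon (`"https:"`), so in dev the session cookie is never sent with the Secure flag even when the dev server is served over HTTPS; in production `!dev` short-circuits and hides the bug. Change both lines to `secure: !dev || event.url.protocol === "https:",`. The hunk also drops `httpOnly: true` and `sameSite: "lax"` from both cookies; this presumably relies on SvelteKit's `cookies.set` defaults, and if so a one-line comment such as `// httpOnly and sameSite=lax come from SvelteKit's cookie defaults` above each call would keep the next reader from treating it as a regression, otherwise restore the flags explicitly since a session cookie readable from JavaScript is the more serious loss.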
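Review bot: The `github_oauth_state` cookie carries the same `event.url.protocol === "https"` comparison, which is always false because `URL.protocol` yields `"https:"` with a colon; use `secure: !dev || event.url.protocol === "https:",`. Removing `sameSite: "lax"` here is only safe while the framework default stays Lax: the callback arrives as a top-level GET navigation from github.com, so a Strict default would strip the cookie and every login would fail the state check, which is worth recording in a comment above the `cookies.set` call. The move from a hand-built 302 to `redirect(307, url.toString())` is harmless for a GET, but the bare call without `throw` or `return` assumes `redirect` throws (SvelteKit 2); the hunk does not show the framework version, so this should be confirmed.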
diff --git a/src/routes/login/github/callback/+server.ts b/src/routes/login/github/callback/+server.ts
index 7ac4124..250edd0 100644
--- a/src/routes/login/github/callback/+server.ts
+++ b/src/routes/login/github/callback/+server.ts
@@ -1,5 +1,6 @@
 import { github } from "$lib/server/oauth";
 import { ObjectParser } from "@pilcrowjs/object-parser";
+import { error, redirect } from "@sveltejs/kit";
 import { createUser, getUserFromGitHubId } from "$lib/server/user";
 import { createSession, generateSessionToken, setSessionTokenCookie } from "$lib/server/session";
@@ -12,13 +13,13 @@ export async function GET(event: RequestEvent): Promise {
 const state = event.url.searchParams.get("state");
 if (storedState === null || code === null || state === null) {
- return new Response("Please restart the process.", {
- status: 400
+ error(400, {
+ message: "Please restart the process."
 });
 }
 if (storedState !== state) {
- return new Response("Please restart the process.", {
- status: 400
+ error(400, {
+ message: "Please restart the process."
 });
 }
@@ -26,8 +27,8 @@ export async function GET(event: RequestEvent): Promise {
 try {
 tokens = await github.validateAuthorizationCode(code);
 } catch (e) {
- return new Response("Please restart the process.", {
- status: 400
+ error(400, {
+ message: "Please restart the process."
 });
 }
@@ -47,12 +48,7 @@ export async function GET(event: RequestEvent): Promise {
 const sessionToken = generateSessionToken();
 const session = createSession(sessionToken, existingUser.id);
 setSessionTokenCookie(event, sessionToken, session.expiresAt);
- return new Response(null, {
- status: 302,
- headers: {
- Location: "/"
- }
- });
+ redirect(307, "/");
 }
 const emailListRequest = new Request("https://api.github.com/user/emails");
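Review bot: Both guards in this hunk now call `error(400, { … })` without `throw` or `return`, which is only correct if `error` has SvelteKit 2's throwing, `never`-typed signature; under SvelteKit 1.x `error()` merely returns an `HttpError` object, so a request with a missing or mismatched `state` would fall straight through the guard and the handler would continue with `code === null` or an attacker-chosen state. The diff does not show the framework version, so this should be checked against the project's dependencies; if SvelteKit 2 cannot be pinned, write `throw error(400, { message: "Please restart the process." });` in each guard (and `throw redirect(…)` later) so the control flow is explicit under either version. GET starts before and continues after this hunk.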
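Review bot: On the existing-user path the new `redirect(307, "/")` is issued while the `github_oauth_state` cookie (set with a ten-minute `maxAge` at the start of the flow) is still present, and nothing in this hunk or the other visible parts of the callback clears it, so the same state value stays replayable for the rest of its lifetime. Adding `event.cookies.delete("github_oauth_state", { path: "/" });` next to `setSessionTokenCookie(event, sessionToken, session.expiresAt);` makes the state single-use; the new-user redirect at the end of the file needs the same line. If the cookie is already cleared somewhere outside these hunks, disregard. GET's body continues past this hunk.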
@@ -60,8 +56,8 @@ export async function GET(event: RequestEvent): Promise {
 const emailListResponse = await fetch(emailListRequest);
 const emailListResult: unknown = await emailListResponse.json();
 if (!Array.isArray(emailListResult) || emailListResult.length < 1) {
- return new Response("Please restart the process.", {
- status: 400
+ error(400, {
+ message: "Please restart the process."
 });
 }
 let email: string | null = null;
@@ -74,8 +70,8 @@ export async function GET(event: RequestEvent): Promise {
 }
 }
 if (email === null) {
- return new Response("Please verify your GitHub email address.", {
- status: 400
+ error(400, {
+ message: "Please verify your GitHub email address."
 });
 }
@@ -83,10 +79,5 @@ export async function GET(event: RequestEvent): Promise {
 const sessionToken = generateSessionToken();
 const session = createSession(sessionToken, user.id);
 setSessionTokenCookie(event, sessionToken, session.expiresAt);
- return new Response(null, {
- status: 302,
- headers: {
- Location: "/"
- }
- });
+ redirect(307, "/");
 }
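Review bot: `emailListResponse.json()` is awaited before anything checks `emailListResponse.ok`; a non-2xx reply from GitHub (expired or under-scoped token) with a JSON error body happens to be caught by the `Array.isArray` check, but a non-JSON body makes `.json()` reject and the request surfaces as a 500 instead of the 400 the rest of this hunk hands out. Add `if (!emailListResponse.ok) error(400, { message: "Please restart the process." });` directly after the `fetch` line, in the same style as the other guards. The construction of `emailListRequest` and the loop that fills `email` lie outside this hunk.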