diff --git a/internal/webserver/authenticators/init.go b/internal/webserver/authenticators/init.go
index dfcd427..4d3cc32 100644
--- a/internal/webserver/authenticators/init.go
+++ b/internal/webserver/authenticators/init.go
@@ -51,17 +51,17 @@ func (e *enable) Enable() {
 	*e = true
 }
 
-func IssueChallengeTokenCookie(w http.ResponseWriter, r *http.Request, challenge string) error {
+func IssueChallengeTokenCookie(w http.ResponseWriter, r *http.Request, challenge string) {
 
 	cookie := http.Cookie{
 		Name:     "challenge",
 		Value:    challenge,
 		Expires:  time.Now().Add(8 * time.Hour),
-		SameSite: http.SameSiteNoneMode,
-		Secure:   r.URL.Scheme == "https",
+		SameSite: http.SameSiteLaxMode,
+		Secure:   true,
 		HttpOnly: false,
+		Path:     "/",
 	}
 	http.SetCookie(w, &cookie)
 
-	return nil
 }
diff --git a/internal/webserver/resources/static/js/challenge.js b/internal/webserver/resources/static/js/challenge.js
index a722395..dfb2404 100644
--- a/internal/webserver/resources/static/js/challenge.js
+++ b/internal/webserver/resources/static/js/challenge.js
@@ -4,11 +4,12 @@ const url = (httpsEnabled ? 'wss://' : 'ws://') + window.location.host + "/chall
 
 let backoff = 200;
 let challenge = localStorage.getItem("challenge");
-if (challenge === null) {
+if (challenge === null || challenge === "null") {
     // oidc sets the challenge via cookie
     challenge = getCookie("challenge");
-    localStorage.setItem("challenge", challenge)
-
+    if(challenge !== null) {
+        localStorage.setItem("challenge", challenge)
+    }
     deleteCookie("challenge")
 }
 
diff --git a/internal/webserver/resources/static/js/pam.js b/internal/webserver/resources/static/js/pam.js
index 4ea10c0..8dacfce 100644
--- a/internal/webserver/resources/static/js/pam.js
+++ b/internal/webserver/resources/static/js/pam.js
@@ -72,9 +72,9 @@ async function loginUser(location) {
             document.getElementById("error").hidden = false;
             return
         }
-
-        localStorage.setItem("challenge", send.headers.get("WAG-CHALLENGE"))
-
+        if (send.headers.get("WAG-CHALLENGE") !== null) {
+            localStorage.setItem("challenge", send.headers.get("WAG-CHALLENGE"))
+        }
     } catch (e) {
         console.log("logging in user failed")
         document.getElementById("errorMsg").textContent = e.message;
diff --git a/internal/webserver/resources/static/js/totp.js b/internal/webserver/resources/static/js/totp.js
index a496b7f..57f91bb 100644
--- a/internal/webserver/resources/static/js/totp.js
+++ b/internal/webserver/resources/static/js/totp.js
@@ -80,8 +80,11 @@ async function loginUser(location) {
             return
         }
 
-        localStorage.setItem("challenge", send.headers.get("WAG-CHALLENGE"))
-        
+
+        if (send.headers.get("WAG-CHALLENGE") !== null) {
+            localStorage.setItem("challenge", send.headers.get("WAG-CHALLENGE"))
+        }
+
     } catch (e) {
         console.log("logging in user failed")
         document.getElementById("errorMsg").textContent = e.message;
diff --git a/internal/webserver/resources/static/js/webauthn.js b/internal/webserver/resources/static/js/webauthn.js
index 60eb934..60de357 100644
--- a/internal/webserver/resources/static/js/webauthn.js
+++ b/internal/webserver/resources/static/js/webauthn.js
@@ -213,8 +213,10 @@ async function loginUser(event) {
 
             return
         }
-
-        localStorage.setItem("challenge", send.headers.get("WAG-CHALLENGE"))
+        
+        if (send.headers.get("WAG-CHALLENGE") !== null) {
+            localStorage.setItem("challenge", send.headers.get("WAG-CHALLENGE"))
+        }
 
     } catch (e) {
         console.log("logging in failed: ", e)