diff --git a/docs/REST.md b/docs/REST.md index c6004a0..9058efb 100644 --- a/docs/REST.md +++ b/docs/REST.md @@ -115,7 +115,7 @@ Obtain a signed json web token for authentication **Response**: If succesful, will return `{success: ""}` or `{success: "already verified"}` if the JWT provided is too early to be renewed. If unsuccesful, will return `{error: "invalid password"}` or `{error: "Username or Password Incorrect"}` depending on the authentication method. Note that if a JWT is available, the parameters will be ignored. -**Notes**: I've already listed nearly every response. My final note is that the JWT is set as the cookie 'Authorization', not returned in the response. +**Notes**: The returned JWT is set as the cookie httponly 'Authorization'. It will also return a non httponly cookie X-Auth-As with the username of the authenticated user. ## /api/user/update diff --git a/templates/base.njk b/templates/base.njk index 9d57b04..f832bc3 100644 --- a/templates/base.njk +++ b/templates/base.njk @@ -6,7 +6,7 @@ {{ sitename }}
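Review bot: In the replaced **Notes** line of docs/REST.md, "The returned JWT" drops the old statement that the token is not returned in the response, so a reader can now take it to be in the body. The new X-Auth-As cookie is also documented without any limit on how it may be used. Suggest wording such as "The JWT is set as the HttpOnly cookie `Authorization` and is not returned in the response body." For X-Auth-As, state that it is not HttpOnly, so client-side script can read and change it, and that it is for display only: the server must take the user's identity from the JWT and never from this cookie. "cookie httponly 'Authorization'" and "non httponly" would read better as "HttpOnly cookie" and "non-HttpOnly". If the two cookies carry Secure or SameSite attributes, this is the place to document them.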