diff --git a/app.config.ts b/app.config.ts
index 24d13b4..3dbd874 100644
--- a/app.config.ts
+++ b/app.config.ts
@@ -1,5 +1,6 @@
 export default defineAppConfig({
   appHomeBase: 'https://mzg.fan/',
+  appAdminBasePath: '/admin',
 
   backendBase: 'https://api.mzg.fan/v1',
   backendProjectId: '649758e1eb1fa584a04d',
diff --git a/packages/admin/ecosystem.config.js b/packages/admin/ecosystem.config.js
index 7a25f3e..5c45b4f 100644
--- a/packages/admin/ecosystem.config.js
+++ b/packages/admin/ecosystem.config.js
@@ -8,6 +8,7 @@ module.exports = {
       max_memory_restart: '200M',
       env: {
         'NITRO_PORT': 22321,
+        'NUXT_APP_SECURE_CONTEXT': true,
         'NUXT_BACKEND_API_KEY': ''
       }
     }
diff --git a/packages/admin/middleware/entry.global.ts b/packages/admin/middleware/entry.global.ts
index ffbf84c..284dbcb 100644
--- a/packages/admin/middleware/entry.global.ts
+++ b/packages/admin/middleware/entry.global.ts
@@ -4,7 +4,12 @@ export default defineNuxtRouteMiddleware(async (to) => {
   if (process.client) { return }
 
   const entryTokenQuery = to.query.entrytoken
-  const entryTokenCookie = useCookie('admin_entry_token')
+  const entryTokenCookie = useCookie('admin_entry_token', {
+    maxAge: 2592000,
+    path: useAppConfig().appAdminBasePath,
+    sameSite: 'strict',
+    secure: useRuntimeConfig().appSecureContext
+  })
   let entryToken = entryTokenQuery ?? entryTokenCookie.value
   if (!String(entryToken).match(/[A-Za-z0-9]{32}/)) { entryToken = null }
 
diff --git a/packages/admin/nuxt.config.ts b/packages/admin/nuxt.config.ts
index 49e8040..65e1191 100644
--- a/packages/admin/nuxt.config.ts
+++ b/packages/admin/nuxt.config.ts
@@ -41,6 +41,7 @@ export default defineNuxtConfig({
   },
 
   runtimeConfig: {
+    appSecureContext: true,
     backendApiKey: ''
   }
 })