diff --git a/src/server/gpodder/advanced/auth.rs b/src/server/gpodder/advanced/auth.rs index 242082a..b0bccaf 100644 --- a/src/server/gpodder/advanced/auth.rs +++ b/src/server/gpodder/advanced/auth.rs @@ -10,10 +10,13 @@ use axum_extra::{ }; use cookie::time::Duration; -use crate::server::{ - error::{AppError, AppResult}, - gpodder::SESSION_ID_COOKIE, - Context, +use crate::{ + gpodder, + server::{ + error::{AppError, AppResult}, + gpodder::SESSION_ID_COOKIE, + Context, + }, }; pub fn router() -> Router { @@ -33,6 +36,31 @@ async fn post_login( return Err(AppError::BadRequest); } + // If a session token is present, we check if it's valid first and do nothing if it is + if let Some(session_id) = jar + .get(SESSION_ID_COOKIE) + .and_then(|c| c.value().parse::().ok()) + { + let ctx = ctx.clone(); + match tokio::task::spawn_blocking(move || { + let session = ctx.store.get_session(session_id)?; + ctx.store.refresh_session(&session)?; + + Ok(session) + }) + .await + .unwrap() + { + Ok(_) => { + return Ok(jar); + } + Err(gpodder::AuthErr::UnknownSession) => {} + Err(err) => { + return Err(AppError::from(err)); + } + } + } + let session = tokio::task::spawn_blocking(move || { let user = ctx .store @@ -43,7 +71,12 @@ async fn post_login( .unwrap()?; Ok(jar.add( - Cookie::build((SESSION_ID_COOKIE, session.id.to_string())).max_age(Duration::days(365)), + Cookie::build((SESSION_ID_COOKIE, session.id.to_string())) + .secure(false) + .same_site(cookie::SameSite::Strict) + .http_only(true) + .path("/api") + .max_age(Duration::days(365)), )) } diff --git a/src/server/gpodder/models.rs b/src/server/gpodder/models.rs index b2268af..6098a9f 100644 --- a/src/server/gpodder/models.rs +++ b/src/server/gpodder/models.rs @@ -1,4 +1,4 @@ -use chrono::{DateTime, Utc}; +use chrono::{DateTime, NaiveDateTime, Utc}; use serde::{Deserialize, Serialize}; use crate::gpodder; 
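Review bot: The `Ok(_) => { return Ok(jar); }` arm in the new session check of `post_login` accepts any valid session cookie without comparing the session's owner to the user this login request names. A request that carries one user's cookie and another user's name is therefore answered as a success, and the credential lookup further down is skipped. Bind the session instead of discarding it and return `Err(AppError::BadRequest)` when its user differs from the requested one; where the requested username comes from is outside this hunk, so that part is inferred. The early return also hands the old cookie back unchanged, so cookies issued before this commit never pick up the attributes set in the last hunk of this file. `post_login` starts before and ends after the hunk.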
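Review bot: `.secure(false)` in the cookie builder hard-codes the session cookie as sendable over plain HTTP, and with `max_age(Duration::days(365))` a token observed on an unencrypted hop stays usable for the cookie's whole lifetime. If the flag is off to support deployments without TLS, make it a server setting that defaults to secure, and until then state the reason next to it, e.g. `// Secure is off so plain-HTTP deployments keep working; turn on behind TLS`. `.path("/api")` deserves a one-line comment too, since any route outside that prefix that reads the session cookie will stop receiving it; whether such routes exist is not visible here.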
@@ -66,7 +66,7 @@ pub enum EpisodeActionType { pub struct EpisodeAction { pub podcast: String, pub episode: String, - pub timestamp: Option, + pub timestamp: Option, #[serde(default)] pub device: Option, #[serde(flatten)] @@ -160,7 +160,7 @@ impl From for EpisodeAction { Self { podcast: value.podcast, episode: value.episode, - timestamp: value.timestamp.map(|ts| ts.timestamp()), + timestamp: value.timestamp.map(|ts| ts.naive_utc()), device: value.device, action: value.action.into(), } @@ -173,9 +173,7 @@ impl From for gpodder::EpisodeAction { podcast: value.podcast, episode: value.episode, // TODO remove this unwrap - timestamp: value - .timestamp - .map(|ts| DateTime::from_timestamp(ts, 0).unwrap()), + timestamp: value.timestamp.map(|ts| ts.and_utc()), device: value.device, action: value.action.into(), time_changed: DateTime::::MIN_UTC,
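Review bot: The new type of `timestamp` on `EpisodeAction` (presumably `Option<NaiveDateTime>`; the generic argument is lost in this rendering) changes what the deserializer accepts from clients. The field no longer takes an integer, and chrono's default string form for a naive date-time carries no UTC designator or offset, so a client that sends one would likely have its whole request body rejected; confirm this against the clients you support. Document the accepted form on the field, e.g. `/// Client-supplied time without offset; interpreted as UTC`, and add a test that feeds a timestamp with a trailing `Z`.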
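Review bot: The `// TODO remove this unwrap` comment kept above the new `timestamp` line in the conversion to `gpodder::EpisodeAction` is stale, because `ts.and_utc()` replaces the `DateTime::from_timestamp(ts, 0).unwrap()` call it referred to. Drop it, or replace it with a comment that states the assumption the new line makes: `// client timestamps carry no offset and are taken as UTC`. The `impl` block starts and ends outside the hunk.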