diff --git a/CHANGELOG.md b/CHANGELOG.md
index 16b0fd54..93902309 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,6 @@
+# 1.1.1+2
+* `_apply` now always sends a `token` cookie.
+
 # 1.1.1+1
 * Update `protectCookie` to only send `maxAge` when it is not `-1`.
 
diff --git a/lib/src/plugin.dart b/lib/src/plugin.dart
index df689774..a53b05db 100644
--- a/lib/src/plugin.dart
+++ b/lib/src/plugin.dart
@@ -109,10 +109,15 @@ class AngelAuth<T> {
     });
   }
 
-  void _apply(RequestContext req, AuthToken token, user) {
+  void _apply(RequestContext req, ResponseContext res, AuthToken token, user) {
     req
       ..inject(AuthToken, req.properties['token'] = token)
       ..inject(user.runtimeType, req.properties["user"] = user);
+
+    if (allowCookie == true) {
+      res.cookies
+          .add(protectCookie(new Cookie('token', token.serialize(_hs256))));
+    }
   }
 
   /// A middleware that decodes a JWT from a request, and injects a corresponding user.
@@ -140,7 +145,7 @@ class AngelAuth<T> {
       }
 
       final user = await deserializer(token.userId);
-      _apply(req, token, user);
+      _apply(req, res, token, user);
     }
 
     return true;
@@ -173,8 +178,9 @@ class AngelAuth<T> {
     }
 
     if (_jwtLifeSpan > 0) {
-      cookie.maxAge ??=
-      _jwtLifeSpan < 0 ? -1 : _jwtLifeSpan ~/ Duration.millisecondsPerSecond;
+      cookie.maxAge ??= _jwtLifeSpan < 0
+          ? -1
+          : _jwtLifeSpan ~/ Duration.millisecondsPerSecond;
       cookie.expires ??=
           new DateTime.now().add(new Duration(milliseconds: _jwtLifeSpan));
     }
@@ -203,7 +209,8 @@ class AngelAuth<T> {
         }
 
         if (token.lifeSpan > -1) {
-          token.issuedAt.add(new Duration(milliseconds: token.lifeSpan.toInt()));
+          token.issuedAt
+              .add(new Duration(milliseconds: token.lifeSpan.toInt()));
 
           if (!token.issuedAt.isAfter(new DateTime.now())) {
             print(
@@ -272,7 +279,7 @@ class AngelAuth<T> {
             if (r != null) return r;
           }
 
-          _apply(req, token, result);
+          _apply(req, res, token, result);
 
           if (allowCookie)
             res.cookies.add(protectCookie(new Cookie("token", jwt)));
@@ -312,7 +319,7 @@ class AngelAuth<T> {
   /// Log a user in on-demand.
   Future login(AuthToken token, RequestContext req, ResponseContext res) async {
     var user = await deserializer(token.userId);
-    _apply(req, token, user);
+    _apply(req, res, token, user);
     _onLogin.add(user);
 
     if (allowCookie)
@@ -325,7 +332,7 @@ class AngelAuth<T> {
     var user = await deserializer(userId);
     var token = new AuthToken(
         userId: userId, lifeSpan: _jwtLifeSpan, ipAddress: req.ip);
-    _apply(req, token, user);
+    _apply(req, res, token, user);
     _onLogin.add(user);
 
     if (allowCookie)
diff --git a/pubspec.yaml b/pubspec.yaml
index b513c084..4bb86fb9 100644
--- a/pubspec.yaml
+++ b/pubspec.yaml
@@ -1,6 +1,6 @@
 name: angel_auth
 description: A complete authentication plugin for Angel.
-version: 1.1.1+1
+version: 1.1.1+2
 author: Tobe O <thosakwe@gmail.com>
 homepage: https://github.com/angel-dart/angel_auth
 environment: