diff --git a/backend/main.go b/backend/main.go
index c2dd9de..4a0b08c 100644
--- a/backend/main.go
+++ b/backend/main.go
@@ -12,7 +12,6 @@ import (
 	"screenmark/screenmark/.gen/haystack/haystack/model"
 	"screenmark/screenmark/agents/client"
 	"screenmark/screenmark/models"
-	"time"
 
 	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/chi/v5/middleware"
@@ -311,28 +310,10 @@ func main() {
 			return
 		}
 
-		accessCookie := http.Cookie{
-			Name:     "access",
-			Value:    access,
-			Expires:  time.Now().Add(1 * time.Hour),
-			Secure:   false,
-			HttpOnly: true,
-		}
-
-		refreshCookie := http.Cookie{
-			Name:     "refresh",
-			Value:    access,
-			Expires:  time.Now().Add(24 * 30 * time.Hour),
-			Secure:   false,
-			HttpOnly: true,
-			Path:     "/refresh",
-		}
-
-		http.SetCookie(w, &accessCookie)  // TODO
-		http.SetCookie(w, &refreshCookie) // TODO
-
 		w.WriteHeader(http.StatusOK)
 		w.Header().Add("Content-Type", "application/json")
+
+		fmt.Fprint(w, string(json))
 	})
 
 	log.Println("Listening and serving on port 3040.")
diff --git a/frontend/src/Login.tsx b/frontend/src/Login.tsx
index 8cb802f..377276e 100644
--- a/frontend/src/Login.tsx
+++ b/frontend/src/Login.tsx
@@ -25,7 +25,13 @@ export const Login: Component = () => {
                 throw new Error("bruh, no code");
             }
 
-            await postCode(email.toString(), code.toString());
+            const { access, refresh } = await postCode(
+                email.toString(),
+                code.toString(),
+            );
+
+            localStorage.setItem("access", access);
+            localStorage.setItem("refresh", refresh);
         }
     };
 
diff --git a/frontend/src/network/index.ts b/frontend/src/network/index.ts
index 8642ee6..7e4084b 100644
--- a/frontend/src/network/index.ts
+++ b/frontend/src/network/index.ts
@@ -124,12 +124,22 @@ export const postLogin = async (email: string): Promise<void> => {
     await fetch(request);
 };
 
-export const postCode = async (email: string, code: string): Promise<void> => {
+const codeValidator = strictObject({
+    access: string(),
+    refresh: string(),
+});
+
+export const postCode = async (
+    email: string,
+    code: string,
+): Promise<InferOutput<typeof codeValidator>> => {
     const request = getBaseRequest({
         path: "code",
         body: JSON.stringify({ email, code }),
         method: "POST",
     });
 
-    await fetch(request).then((res) => res.json());
+    const res = await fetch(request).then((res) => res.json());
+
+    return parse(codeValidator, res);
 };