diff --git a/server/basic_auth.go b/server/basic_auth.go
index 5a15605e..1e84addc 100644
--- a/server/basic_auth.go
+++ b/server/basic_auth.go
@@ -20,19 +20,15 @@ func getUserIdContextKey() string {
 return userIdContextKey
 }
-// Purpose of this cookie is to store the user's id.
 func setUserSession(c echo.Context, user *api.User) error {
- sess, err := session.Get("session", c)
- if err != nil {
- return fmt.Errorf("failed to get session, err: %w", err)
- }
+ sess, _ := session.Get("session", c)
 sess.Options = &sessions.Options{
 Path: "/",
 MaxAge: 1000 * 3600 * 24 * 30,
 HttpOnly: true,
 }
 sess.Values[userIdContextKey] = user.Id
- err = sess.Save(c.Request(), c.Response())
+ err := sess.Save(c.Request(), c.Response())
 if err != nil {
 return fmt.Errorf("failed to set session, err: %w", err)
 }
@@ -41,17 +37,14 @@ func setUserSession(c echo.Context, user *api.User) error {
 }
 func removeUserSession(c echo.Context) error {
- sess, err := session.Get("session", c)
- if err != nil {
- return fmt.Errorf("failed to get session, err: %w", err)
- }
+ sess, _ := session.Get("session", c)
 sess.Options = &sessions.Options{
 Path: "/",
 MaxAge: 0,
 HttpOnly: true,
 }
 sess.Values[userIdContextKey] = nil
- err = sess.Save(c.Request(), c.Response())
+ err := sess.Save(c.Request(), c.Response())
 if err != nil {
 return fmt.Errorf("failed to set session, err: %w", err)
 }
@@ -59,7 +52,7 @@ func removeUserSession(c echo.Context) error {
 return nil
 }
-// Use session in the initial version
+// Use session to store user.id.
 func BasicAuthMiddleware(us api.UserService, next echo.HandlerFunc) echo.HandlerFunc {
 return func(c echo.Context) error {
 // Skips auth
diff --git a/server/server.go b/server/server.go
index 4693ab53..1860bba4 100644
--- a/server/server.go
+++ b/server/server.go
@@ -5,6 +5,7 @@ import (
 "memos/api"
 "time"
+ "github.com/gorilla/securecookie"
 "github.com/gorilla/sessions"
 "github.com/labstack/echo-contrib/session"
 "github.com/labstack/echo/v4"
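Review bot: Discarding the error from session.Get with `sess, _ :=` in setUserSession, and again in removeUserSession in the next hunk, throws away the only signal that an incoming session cookie failed signature verification or decoding. As far as I can tell the gorilla store still hands back a fresh, usable session alongside that error, which is presumably why this stops failing once the store key changes on every restart (see the server.go hunk), but a blank assignment that swallows a verification failure should say so in place: `sess, _ := session.Get("session", c) // a cookie that fails to decode/verify yields a fresh session; Save below replaces it`. While here, MaxAge is in seconds, so `1000 * 3600 * 24 * 30` is roughly 82 years rather than the 30 days the expression suggests. In removeUserSession, `MaxAge: 0` makes the cookie a browser-session cookie rather than expiring it (gorilla only sets an expiry in the past for a negative MaxAge), so logout relies solely on the nil user id being rejected downstream. Both functions continue past the end of their hunks.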
@@ -45,7 +46,7 @@ func NewServer(port int) *Server {
 HTML5: true,
 }))
- e.Use(session.Middleware(sessions.NewCookieStore([]byte("just_memos"))))
+ e.Use(session.Middleware(sessions.NewCookieStore([]byte(securecookie.GenerateRandomKey(16)))))
 s := &Server{
 e: e,
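Review bot: `securecookie.GenerateRandomKey(16)` returns nil when the system random source fails, and a cookie store built on a nil hash key cannot sign anything, so every session save would fail at request time instead of the process failing at startup; check the result before NewCookieStore, e.g. `key := securecookie.GenerateRandomKey(32)` followed by `if key == nil { panic("cannot generate session key") }`, and pass `key` directly since the `[]byte(...)` conversion is redundant. A key generated per process also means every restart, and every replica behind a load balancer, invalidates all existing sessions — acceptable if intended, but it should then be stated in a comment, and otherwise the key belongs in configuration or persisted storage. 16 bytes is also below the 32 bytes gorilla recommends for the HMAC hash key. Passing a single key keeps session values signed but unencrypted, as before, so the stored user id stays readable to the client. NewServer continues outside the hunk.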