diff --git a/src/spiffworkflow_backend/__init__.py b/src/spiffworkflow_backend/__init__.py
index f1de793d..bda2f03c 100644
--- a/src/spiffworkflow_backend/__init__.py
+++ b/src/spiffworkflow_backend/__init__.py
@@ -115,7 +115,7 @@ def create_app() -> flask.app.Flask:
         r"^https?:\/\/%s(.*)" % o.replace(".", r"\.")
         for o in app.config["CORS_ALLOW_ORIGINS"]
     ]
-    CORS(app, origins=origins_re, max_age=3600)
+    CORS(app, origins=origins_re, max_age=3600, supports_credentials=True)
 
     connexion_app.add_api("api.yml", base_path=V1_API_PATH_PREFIX)
 
diff --git a/src/spiffworkflow_backend/routes/health_controller.py b/src/spiffworkflow_backend/routes/health_controller.py
index e9831110..5d8856a4 100644
--- a/src/spiffworkflow_backend/routes/health_controller.py
+++ b/src/spiffworkflow_backend/routes/health_controller.py
@@ -10,4 +10,7 @@ from spiffworkflow_backend.models.process_instance import ProcessInstanceModel
 def status() -> flask.wrappers.Response:
     """Status."""
     ProcessInstanceModel.query.filter().first()
-    return Response(json.dumps({"ok": True}), status=200, mimetype="application/json")
+    response = Response(json.dumps({"ok": True}), status=200, mimetype="application/json")
+    response.set_cookie('TEST_COOKIE', 'HEY')
+    response.set_cookie('TEST_COOKIE', 'HEY', domain='spiff.localdev')
+    return response
diff --git a/src/spiffworkflow_backend/routes/process_groups_controller.py b/src/spiffworkflow_backend/routes/process_groups_controller.py
index f4476449..d972d18c 100644
--- a/src/spiffworkflow_backend/routes/process_groups_controller.py
+++ b/src/spiffworkflow_backend/routes/process_groups_controller.py
@@ -89,9 +89,10 @@ def process_group_list(
             "pages": pages,
         },
     }
-    response = make_response(jsonify(response_json), 200)
+    # response = make_response(jsonify(response_json), 200)
+    response = Response(json.dumps(response_json), status=200, mimetype="application/json")
     current_app.logger.info("SETTING COOKIE")
-    # response.set_cookie('TEST_COOKIE', 'HEY', domain=".spiff.dev", secure=False, httponly=True)
+    response.set_cookie('TEST_COOKIE', 'HEY1', domain='spiff.localdev')
     return response