diff --git a/api/config/settings/common.py b/api/config/settings/common.py
index 50bc52fe0e53fae0d2dca6a3903bad68dc9adbc0..2e9421e7941793d9ce34ec6f7232d9a9dcee9fde 100644
--- a/api/config/settings/common.py
+++ b/api/config/settings/common.py
@@ -292,7 +292,7 @@ AUTHENTICATION_BACKENDS = (
     'django.contrib.auth.backends.ModelBackend',
     'allauth.account.auth_backends.AuthenticationBackend',
 )
-
+SESSION_COOKIE_HTTPONLY = False
 # Some really nice defaults
 ACCOUNT_AUTHENTICATION_METHOD = 'username_email'
 ACCOUNT_EMAIL_REQUIRED = True
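Review bot: `SESSION_COOKIE_HTTPONLY = False` makes the Django session cookie readable by page JavaScript across the whole deployment, so any script-injection flaw in the front end can read a live session id. Judging by the other file in this commit, the flag is turned off only so the client can expire the cookie through `document.cookie`. Expiring it server-side in the response that would otherwise carry it, e.g. `response.delete_cookie(settings.SESSION_COOKIE_NAME)`, would achieve the same result with HttpOnly left on. If the setting has to stay, it should carry its own comment such as `# HttpOnly is off so the front end can clear a stale sessionid; XSS can now read the session cookie`, and the blank line before `# Some really nice defaults` should be restored so the setting does not read as part of the allauth defaults.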
diff --git a/front/src/store/auth.js b/front/src/store/auth.js
index b1753404f9be65c2d5fe2a067607d83ef45d4d6a..68a15090b5c289d2825563743f4cad7f2d3cdbf0 100644
--- a/front/src/store/auth.js
+++ b/front/src/store/auth.js
@@ -97,6 +97,11 @@ export default {
       }
     },
     fetchProfile ({commit, dispatch, state}) {
+      if (document) {
+        // this is to ensure we do not have any leaking cookie set by django
+        document.cookie = 'sessionid=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT;'
+      }
+
       return axios.get('users/users/me/').then((response) => {
         logger.default.info('Successfully fetched user profile')
         let data = response.data
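Review bot: `if (document)` throws a ReferenceError when `document` is not declared (for example when the store runs under plain Node in unit tests), so the guard fails in the one case it is meant to handle; `if (typeof document !== 'undefined')` is the safe form. The literal `sessionid` and `Path=/` match only Django's default cookie name and path, and a cookie set with a `Domain` attribute is not removed by a delete that omits it. The comment should state that this depends on `SESSION_COOKIE_NAME`, `SESSION_COOKIE_PATH` and `SESSION_COOKIE_DOMAIN` keeping their defaults. The delete also runs on every `fetchProfile` call, and the function body continues past the end of the hunk, so whether that is intended cannot be checked from here.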