diff --git a/public/404.html b/public/404.html
index 49f0d5d..04ddadc 100644
--- a/public/404.html
+++ b/public/404.html
@@ -2,9 +2,9 @@
 <html lang="en">
 <head>
     <meta charset="UTF-8">
-    <link rel="stylesheet" href="css/main.css">
-    <link rel="stylesheet" href="css/404.css">
-    <link rel="stylesheet" href="css/header.css">
+    <link rel="stylesheet" href="/css/main.css">
+    <link rel="stylesheet" href="/css/404.css">
+    <link rel="stylesheet" href="/css/header.css">
     <title>XSSBook - Not Found</title>
 </head>
 <body>
diff --git a/public/home.html b/public/home.html
index cc780ac..79c807b 100644
--- a/public/home.html
+++ b/public/home.html
@@ -2,16 +2,16 @@
 <html lang="en">
 <head>
     <meta charset="UTF-8">
-    <link rel="stylesheet" href="css/header.css">
-    <link rel="stylesheet" href="css/main.css">
-    <link rel="stylesheet" href="css/home.css">
+    <link rel="stylesheet" href="/css/header.css">
+    <link rel="stylesheet" href="/css/main.css">
+    <link rel="stylesheet" href="/css/home.css">
     <title>XSSBook - Home</title>
 </head>
 <body>
-    <script src="./js/main.js"></script>
-    <script src="./js/header.js"></script>
-    <script src="./js/api.js"></script>
-    <script src="./js/home.js"></script>
+    <script src="/js/main.js"></script>
+    <script src="/js/header.js"></script>
+    <script src="/js/api.js"></script>
+    <script src="/js/home.js"></script>
     <script>load()</script>
 </body>
 </html>
\ No newline at end of file
diff --git a/public/js/api.js b/public/js/api.js
index 371ecf3..05a0906 100644
--- a/public/js/api.js
+++ b/public/js/api.js
@@ -1,4 +1,4 @@
-const endpoint = 'https://xssbook.com/api'
+const endpoint = 'https://xssbook.com'
 
 const request = async (url, body, method) => {
     if (method === undefined) method = 'POST'
diff --git a/public/js/home.js b/public/js/home.js
index e0186a8..7697c29 100644
--- a/public/js/home.js
+++ b/public/js/home.js
@@ -7,6 +7,9 @@ function parseDate(date) {
 
 function parseComment(comment) {
     const author = data.users[comment.user]
+    if (author === undefined) {
+        author = {}
+    }
     const html = `
     <div class="comment">
         <a class="pfp">
@@ -23,6 +26,9 @@ function parseComment(comment) {
 
 function parsePost(post) {
     const author = data.users[post.user]
+    if (author === undefined) {
+        author = {}
+    }
     const html = `
     <div class="post" postid=${post.id}>
         <div class="postheader">
@@ -189,6 +195,11 @@ async function load() {
     data.posts.push(... posts)
     const batch = []
     for (const post of posts) {
+        for(const comment of post.comments) {
+            if (data.users[comment.user] !== undefined) continue
+            if (batch.includes(comment.user)) continue
+            batch.push(comment.user)
+        }
         if (data.users[post.user] !== undefined) continue
         if (batch.includes(post.user)) continue
         batch.push(post.user)
diff --git a/public/login.html b/public/login.html
index 538d248..50b4724 100644
--- a/public/login.html
+++ b/public/login.html
@@ -2,10 +2,10 @@
 <html lang="en">
 <head>
     <meta charset="UTF-8">
-    <link rel="stylesheet" href="css/main.css">
-    <link rel="stylesheet" href="css/login.css">
-    <script src="./js/api.js"></script>
-    <script src="./js/login.js"></script>
+    <link rel="stylesheet" href="/css/main.css">
+    <link rel="stylesheet" href="/css/login.css">
+    <script src="/js/api.js"></script>
+    <script src="/js/login.js"></script>
     <title>XSSBook - Login</title>
 </head>
 <body>
diff --git a/public/people.html b/public/people.html
index f0aa514..399751a 100644
--- a/public/people.html
+++ b/public/people.html
@@ -2,14 +2,14 @@
 <html lang="en">
 <head>
     <meta charset="UTF-8">
-    <link rel="stylesheet" href="css/main.css">
-    <link rel="stylesheet" href="css/people.css">
-    <link rel="stylesheet" href="css/header.css">
+    <link rel="stylesheet" href="/css/main.css">
+    <link rel="stylesheet" href="/css/people.css">
+    <link rel="stylesheet" href="/css/header.css">
     <title>XSSBook - People</title>
 </head>
 <body>
-    <script src="./js/main.js"></script>
-    <script src="./js/header.js"></script>
-    <script src="./js/api.js"></script>
-    <script src="./js/people.js"></script>
+    <script src="/js/main.js"></script>
+    <script src="/js/header.js"></script>
+    <script src="/js/api.js"></script>
+    <script src="/js/people.js"></script>
 </body>
\ No newline at end of file
diff --git a/public/profile.html b/public/profile.html
index 0274327..d17ab09 100644
--- a/public/profile.html
+++ b/public/profile.html
@@ -2,16 +2,16 @@
 <html lang="en">
 <head>
     <meta charset="UTF-8">
-    <link rel="stylesheet" href="css/main.css">
-    <link rel="stylesheet" href="css/header.css">
-    <link rel="stylesheet" href="css/profile.css">
-    <link rel="stylesheet" href="css/home.css">
+    <link rel="stylesheet" href="/css/main.css">
+    <link rel="stylesheet" href="/css/header.css">
+    <link rel="stylesheet" href="/css/profile.css">
+    <link rel="stylesheet" href="/css/home.css">
     <title>XSSBook - Profile</title>
 </head>
 <body>
-    <script src="./js/main.js"></script>
-    <script src="./js/header.js"></script>
-    <script src="./js/api.js"></script>
-    <script src="./js/home.js"></script>
-    <script src="./js/profile.js"></script>
+    <script src="/js/main.js"></script>
+    <script src="/js/header.js"></script>
+    <script src="/js/api.js"></script>
+    <script src="/js/home.js"></script>
+    <script src="/js/profile.js"></script>
 </body>
\ No newline at end of file
diff --git a/src/api.js b/src/api.js
index 3e4cb4d..01edfc6 100644
--- a/src/api.js
+++ b/src/api.js
@@ -59,7 +59,7 @@ router.post('/auth/register', (req, res) => {
     if (key === undefined) {
         res.status(500).send( {msg: 'Failed to register user'} ); return;
     }
-    res.status(200).cookie('auth', key).send({msg: 'Successfully registered new user'})
+    res.status(200).cookie('auth', key, { maxAge: 365 * 24 * 60 * 60 * 1000, sameSite: 'strict' }).send({msg: 'Successfully registered new user'})
 })
 
 router.post('/auth/login', (req, res) => {
@@ -75,7 +75,7 @@ router.post('/auth/login', (req, res) => {
     if (key === undefined) {
         res.status(400).send( {msg: 'Invalid login combination'} ); return;
     }
-    res.status(200).cookie('auth', key).send({msg: 'Successfully logged in'})
+    res.status(200).cookie('auth', key, { maxAge: 365 * 24 * 60 * 60 * 1000, sameSite: 'strict' }).send({msg: 'Successfully logged in'})
 })
 
 router.post('/auth/self', (req, res) => {