diff --git a/server.py b/server.py
index d98514e71d0c900118502937faa06ffd8eb616da..c6b04f15102e03e9c9bee55b2fbc2a7e1e14028f 100644
--- a/server.py
+++ b/server.py
@@ -516,6 +516,11 @@ def auth(): # For use with nginx auth_request
 		return 'Internal Server Error', 500
 	url = request.headers['X-Original-Uri'].lstrip(config['VIDEOPREFIX'])
 	ip = request.headers.get('X-Real-IP', '')
+	if 'tracking' in request.cookies:
+		cookie = request.cookies['tracking']
+	else:
+		cookie = ''.join(random.choice(string.ascii_letters + string.digits) for _ in range(64))
+	#	r.set_cookie('tracking', request.cookies.get('tracking', ''.join(random.choice(string.ascii_letters + string.digits) for _ in range(64))), max_age=2147483647)
 	if url.endswith('jpg') or ismod():
 		return "OK", 200
 	perms = query('''SELECT videos.path, videos.id AS vid, perm.*
@@ -535,8 +540,13 @@ def auth(): # For use with nginx auth_request
 		username = auth.username
 		password = auth.password
 	if checkperm(perms, username=username, password=password):
-		return 'OK', 200
-		modify('INSERT INTO log VALUES (?, "", ?, "video", ?, ?)', ip, datetime.now(), perms[0]['vid'], url)
+		try:
+			modify('INSERT INTO log VALUES (?, ?, ?, "video", ?, ?)', ip, cookie, datetime.now(), perms[0]['vid'], url)
+		except:
+			pass
+		r = make_response('OK', 200)
+		r.set_cookie('tracking', cookie, max_age=2147483647) # Many many years
+		return r
 	password_auth = False
 	for perm in perms:
 		if perm['type'] == 'password':