diff --git a/pkg/nodes/registry_server.go b/pkg/nodes/registry_server.go
index eea26d9..4dbb96c 100644
--- a/pkg/nodes/registry_server.go
+++ b/pkg/nodes/registry_server.go
@@ -133,6 +133,16 @@ func (s *RegistryServer) handleWebUI(w http.ResponseWriter, r *http.Request) {
 		http.Error(w, "unauthorized", http.StatusUnauthorized)
 		return
 	}
+	if s.token != "" {
+		http.SetCookie(w, &http.Cookie{
+			Name:     "clawgo_webui_token",
+			Value:    s.token,
+			Path:     "/",
+			HttpOnly: true,
+			SameSite: http.SameSiteLaxMode,
+			MaxAge:   86400,
+		})
+	}
 	if s.tryServeWebUIDist(w, r, "/webui/index.html") {
 		return
 	}
@@ -372,6 +382,9 @@ func (s *RegistryServer) checkAuth(r *http.Request) bool {
 	if strings.TrimSpace(r.URL.Query().Get("token")) == s.token {
 		return true
 	}
+	if c, err := r.Cookie("clawgo_webui_token"); err == nil && strings.TrimSpace(c.Value) == s.token {
+		return true
+	}
 	return false
 }