diff --git a/mamweb/middleware.py b/mamweb/middleware.py
index 951c9a86..5e5dc33e 100644
--- a/mamweb/middleware.py
+++ b/mamweb/middleware.py
@@ -23,10 +23,14 @@ class LoggedInHintCookieMiddleware(object):
 if hasattr(settings, 'LOGGED_IN_HINT_COOKIE_NAME'):
 self.cookie_name = settings.LOGGED_IN_HINT_COOKIE_NAME
 else:
 self.cookie_name = 'logged_in_hint'
+ self.cookie_value = 'True'
+
+ def cookie_correct(self, request):
+ return self.cookie_name in request.COOKIES and request.COOKIES[self.cookie_name] == self.cookie_value
 def process_request(self, request):
 if not request.is_secure():
- if self.cookie_name in request.COOKIES and request.COOKIES[self.cookie_name] == 'True':
+ if self.cookie_correct(request):
 # redirect insecure (assuming http) requests with hint cookie to https
 url = HttpRequest.build_absolute_uri()
 assert url[:5] == 'http:'
@@ -35,10 +39,11 @@ class LoggedInHintCookieMiddleware(object):
 def process_response(self, request, response):
 if request.is_secure():
- # assuming full session info (as the conn. is secure), update hint
+ # assuming full session info (as the conn. is secure)
 if request.user.is_authenticated():
- expiry = None if request.session.get_expire_at_browser_close() else request.session.get_expiry_date()
- response.set_cookie(self.cookie_name, value='True', expires=expiry, secure=False)
+ if not self.cookie_correct(request):
+ expiry = None if request.session.get_expire_at_browser_close() else request.session.get_expiry_date()
+ response.set_cookie(self.cookie_name, value=self.cookie_value, expires=expiry, secure=False)
 else:
 if self.cookie_name in request.COOKIES:
 response.delete_cookie(self.cookie_name)
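Review bot: The redirect branch that `self.cookie_correct(request)` now guards still calls `HttpRequest.build_absolute_uri()` on the class instead of on the request. If that is Django's HttpRequest (the import is outside the hunk), the call raises TypeError rather than returning the URL, so the http-to-https redirect presumably never fires; it should read `url = request.build_absolute_uri()`. The next line, `assert url[:5] == 'http:'`, is stripped under `python -O`, so an explicit `if not url.startswith('http:'):` check with a handled fallback is safer than an assert. As a smaller style point, the new helper can be `return request.COOKIES.get(self.cookie_name) == self.cookie_value`. The body of process_request continues past the end of the hunk.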
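Review bot: Skipping `set_cookie` whenever `cookie_correct(request)` is true means the hint cookie's `expires` is never refreshed after it is first set, because the constant value 'True' says nothing about how old the cookie is. If the session expiry slides forward on later requests (the session settings are not visible here), the hint can lapse before the session does, and plain-http requests then stop being redirected to https while the user is still logged in. Consider also refreshing when the session changed, `if not self.cookie_correct(request) or request.session.modified:`, or at least record the trade-off with a comment such as `# hint expiry is not extended once set; it may lapse before a sliding session`. Because the cookie is deliberately sent with `secure=False`, passing `httponly=True` to `set_cookie` would keep it out of reach of page scripts at no cost to the redirect logic. The body of process_response continues outside the hunk.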