diff --git a/lib/noosfero/api/api.rb b/lib/noosfero/api/api.rb
index 88efbbb..5da45c1 100644
--- a/lib/noosfero/api/api.rb
+++ b/lib/noosfero/api/api.rb
@@ -10,6 +10,7 @@ module Noosfero
 before { setup_multitenancy }
 before { detect_stuff_by_domain }
 after { end_log }
+ after { set_session_cookie }
 
 version 'v1'
 prefix "api"
diff --git a/lib/noosfero/api/helpers.rb b/lib/noosfero/api/helpers.rb
index 717f028..00fbf3d 100644
--- a/lib/noosfero/api/helpers.rb
+++ b/lib/noosfero/api/helpers.rb
@@ -9,7 +9,7 @@ module Noosfero
 end
 
 def current_user
- private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token']).to_s if params
+ private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token'] || cookies['_noosfero_api_session']).to_s if params
 @current_user ||= User.find_by_private_token(private_token)
 @current_user = nil if !@current_user.nil? && @current_user.private_token_expired?
 @current_user
@@ -146,7 +146,11 @@ module Noosfero
 render_api_error!(messages.join(','), 400)
 end
 protected
-
+
+ def set_session_cookie
+ cookies['_noosfero_api_session'] = { value: @current_user.private_token, httponly: true } if @current_user.present?
+ end
+
 def start_log
 logger.info "Started #{request.path} #{request.params.except('password')}"
 end
diff --git a/lib/noosfero/api/session.rb b/lib/noosfero/api/session.rb
index 686eff1..684682c 100644
--- a/lib/noosfero/api/session.rb
+++ b/lib/noosfero/api/session.rb
@@ -16,6 +16,7 @@ module Noosfero
 return unauthorized! unless user
 
 user.generate_private_token!
+ @current_user = user
 present user, :with => Entities::UserLogin
 end
-- libgit2 0.21.2
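Review bot: Honouring the token from `cookies['_noosfero_api_session']` in current_user makes every API endpoint one that a browser authenticates automatically, so a cross-origin page can now drive state-changing requests with the victim's token (CSRF), which the header/param-only scheme prevented. Nothing in this diff adds an origin check, a SameSite attribute, or a requirement that cookie-authenticated requests carry a custom header. One small mitigation is to accept the cookie only for read-only requests: `cookie_token = cookies['_noosfero_api_session'] if request.get? || request.head?` followed by `private_token = (params[PRIVATE_TOKEN_PARAM] || headers['Private-Token'] || cookie_token).to_s if params`; `request` is already used in start_log, though whether it exposes `get?`/`head?` in these helpers should be confirmed. The cookie sits below the explicit sources in the `||` chain, so a stale cookie is ignored whenever a header or param token is present, which is the right precedence.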
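Review bot: set_session_cookie writes the user's private token into a cookie without a `secure` flag, so on a deployment reachable over plain HTTP the token is sent in clear with every request to the host, and without `path`/`expires` it is scoped to the whole site and kept for the browser session even after `private_token_expired?` would reject it. Because the `after` hook runs on every request, the cookie is also (re)written for clients that authenticated with a `Private-Token` header and never asked for cookie-based auth. Suggested: `cookies['_noosfero_api_session'] = { value: @current_user.private_token, httponly: true, secure: request.ssl?, path: '/api' }`, and consider setting it only from the login endpoint (where session.rb now assigns `@current_user`) rather than on every response. Whether `request.ssl?` is available here and whether '/api' matches the mounted prefix plus version should be confirmed.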