diff --git a/src/lib/jar.js b/src/lib/jar.js
index b5a16846c..8f308ca5b 100644
--- a/src/lib/jar.js
+++ b/src/lib/jar.js
@@ -1,4 +1,5 @@
 var cookie = require('cookie');
+var defaults = require('lodash.defaults');
 var xhr = require('xhr');
 var pako = require('pako');
 
@@ -69,11 +70,13 @@ var Jar = {
             });
         });
     },
-    set: function (name, value) {
-        var obj = cookie.serialize(name, value);
-        var expires = '; expires=' + new Date(new Date().setYear(new Date().getFullYear() + 1)).toUTCString();
-        var path = '; path=/';
-        document.cookie = obj + expires + path;
+    set: function (name, value, opts) {
+        defaults(opts, {
+            expires: new Date(new Date().setYear(new Date().getFullYear() + 1)),
+            path: '/'
+        });
+        var obj = cookie.serialize(name, value, opts);
+        document.cookie = obj;
     },
     getUnsignedValue: function (cookieName, signedValue, callback) {
         // Get a value from a signed object
diff --git a/src/redux/permissions.js b/src/redux/permissions.js
index c741ee865..0530cb868 100644
--- a/src/redux/permissions.js
+++ b/src/redux/permissions.js
@@ -20,12 +20,28 @@ module.exports.permissionsReducer = function (state, action) {
     }
 };
 
+module.exports.storePermissions = function (permissions) {
+    permissions = permissions || {};
+    return function (dispatch) {
+        jar.set('permissions', permissions, {
+            encode: function (value) {
+                return encodeURIComponent(JSON.stringify(value));
+            }
+        });
+        return dispatch(module.exports.setPermissions(permissions));
+    };
+};
+
 module.exports.getPermissions = function () {
     return function (dispatch) {
-        jar.getUnsignedValue('scratchsessionsid', 'permissions', function (err, value) {
+        jar.get('permissions', function (err, value) {
             if (err) return dispatch(module.exports.setPermissionsError(err));
 
-            value = value || {};
+            try {
+                value = JSON.parse(decodeURIComponent(value)) || {};
+            } catch (e) {
+                value = {};
+            }
             return dispatch(module.exports.setPermissions(value));
         });
     };
diff --git a/src/redux/session.js b/src/redux/session.js
index ff9d58474..49dd51823 100644
--- a/src/redux/session.js
+++ b/src/redux/session.js
@@ -89,7 +89,7 @@ module.exports.refreshSession = function () {
                 dispatch(module.exports.setStatus(module.exports.Status.FETCHED));
 
                 // get the permissions from the updated session
-                dispatch(permissionsActions.getPermissions());
+                dispatch(permissionsActions.storePermissions(body.permissions));
                 return;
             }
         });