diff --git a/spring-security-oauth/spring-security-oauth-server/src/main/java/org/baeldung/config/OAuth2AuthorizationServerConfig.java b/spring-security-oauth/spring-security-oauth-server/src/main/java/org/baeldung/config/OAuth2AuthorizationServerConfig.java
index c7c90d177a..132dc3b699 100644
--- a/spring-security-oauth/spring-security-oauth-server/src/main/java/org/baeldung/config/OAuth2AuthorizationServerConfig.java
+++ b/spring-security-oauth/spring-security-oauth-server/src/main/java/org/baeldung/config/OAuth2AuthorizationServerConfig.java
@@ -51,16 +51,21 @@ public class OAuth2AuthorizationServerConfig extends AuthorizationServerConfigur
 .authorizedGrantTypes("implicit")
 .scopes("read","write","foo","bar")
 .autoApprove(false)
+ .accessTokenValiditySeconds(3600)
 .and()
 .withClient("fooClientIdPassword")
 .secret("secret")
 .authorizedGrantTypes("password","authorization_code", "refresh_token")
 .scopes("foo","read","write")
+ .accessTokenValiditySeconds(3600) // 1hour
+ .refreshTokenValiditySeconds(2592000) // 30days
 .and()
 .withClient("barClientIdPassword")
 .secret("secret")
 .authorizedGrantTypes("password","authorization_code", "refresh_token")
 .scopes("bar","read","write")
+ .accessTokenValiditySeconds(3600) // 1hour
+ .refreshTokenValiditySeconds(2592000) // 30days
 ;
 // @formatter:on
diff --git a/spring-security-oauth/spring-security-oauth-ui-password/src/main/java/org/baeldung/config/CustomPostZuulFilter.java b/spring-security-oauth/spring-security-oauth-ui-password/src/main/java/org/baeldung/config/CustomPostZuulFilter.java
index 138a5d8a47..333cc177f2 100644
--- a/spring-security-oauth/spring-security-oauth-ui-password/src/main/java/org/baeldung/config/CustomPostZuulFilter.java
+++ b/spring-security-oauth/spring-security-oauth-ui-password/src/main/java/org/baeldung/config/CustomPostZuulFilter.java
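Review bot: The refresh-token lifetime `2592000` added for `fooClientIdPassword` and `barClientIdPassword` is a bare literal that has to stay equal to `cookie.setMaxAge(2592000)` in CustomPostZuulFilter, and nothing ties the two together. If one side changes, the browser either keeps a cookie holding an expired refresh token or drops one that is still valid. Since the two files live in different modules, at minimum add a comment such as `// keep in sync with the refreshToken cookie max-age in CustomPostZuulFilter`, and consider reading both lifetimes from configuration instead of repeating the numbers per client. The implicit client `sampleClientId` also receives the same one-hour access token as the password clients; because implicit-flow tokens are handed to the browser, a shorter value may be worth considering. The enclosing configure method starts and ends outside the hunk.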
@@ -37,7 +37,8 @@ public class CustomPostZuulFilter extends ZuulFilter {
 final String refreshToken = json.get("refresh_token").getTextValue();
 final Cookie cookie = new Cookie("refreshToken", refreshToken);
 cookie.setHttpOnly(true);
- // cookie.setPath(ctx.getRequest().getContextPath() + "/refreshToken");
+ // cookie.setSecure(true);
+ cookie.setPath(ctx.getRequest().getContextPath() + "/oauth/token");
 cookie.setMaxAge(2592000); // 30 days
 ctx.getResponse().addCookie(cookie);
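Review bot: The refresh-token cookie is still issued without the Secure attribute, because the added `// cookie.setSecure(true);` line is commented out, so the browser will also attach it to plain-HTTP requests for `/oauth/token`. With a 30-day max-age this cookie is the longest-lived credential in the flow, so the flag should be on wherever the UI is served over TLS: `cookie.setSecure(true);`, or a configuration-driven boolean with a comment saying it is off only for local HTTP development. Narrowing the path to `/oauth/token` is a sound restriction and should stay. The surrounding method begins and ends outside the hunk.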