diff --git a/oauth3.core.js b/oauth3.core.js
index 341ffe6..881556e 100644
--- a/oauth3.core.js
+++ b/oauth3.core.js
@@ -688,6 +688,7 @@
           console.warn("[implicitGrant] TODO abstract browser bits away");
         }
         opts._state = undefined;
+
         return OAUTH3.hooks.session.refresh(
           opts.session || {
             provider_uri: providerUri
@@ -695,7 +696,19 @@
           , client_uri: opts.client_uri || opts.clientUri
           }
         , tokens
-        );
+        ).then(function (session) {
+          // TODO set cookie with JWT and TTL
+          return OAUTH3.request({
+            method: 'POST'
+          , url: OAUTH3.url.normalize(
+              (directives.assets || 'https://assets.:hostname/assets/issuer@oauth3.org/session')
+                .replace(/:hostname/, OAUTH3.uri.normalize(directives.issuer) || OAUTH3.uri.normalize(providerUri))
+            )
+          , session: session
+          }).then(function () {
+            return session;
+          });
+        });
       });
     }
   , _discoverThenImplicitGrant: function(providerUri, opts) {