diff --git a/pkg/sessions/session_store_test.go b/pkg/sessions/session_store_test.go
index eb8ad2f..f9a9364 100644
--- a/pkg/sessions/session_store_test.go
+++ b/pkg/sessions/session_store_test.go
@@ -1,6 +1,8 @@
 package sessions_test
 
 import (
+	"crypto/rand"
+	"encoding/base64"
 	"net/http"
 	"net/http/httptest"
 	"testing"
@@ -133,7 +135,16 @@ var _ = Describe("NewSessionStore", func() {
 					Expect(loadedSession.User).To(Equal(session.User))
 				} else {
 					// All fields stored in session if encrypted
-					Expect(loadedSession).To(Equal(session))
+
+					// Can't compare time.Time using Equal() so remove ExpiresOn from sessions
+					l := *loadedSession
+					l.ExpiresOn = time.Time{}
+					s := *session
+					s.ExpiresOn = time.Time{}
+					Expect(l).To(Equal(s))
+
+					// Compare time.Time separately
+					Expect(loadedSession.ExpiresOn.Equal(session.ExpiresOn)).To(BeTrue())
 				}
 			})
 		})
@@ -169,6 +180,20 @@ var _ = Describe("NewSessionStore", func() {
 
 			SessionStoreInterfaceTests()
 		})
+
+		Context("with a cookie-secret set", func() {
+			BeforeEach(func() {
+				secret := make([]byte, 32)
+				_, err := rand.Read(secret)
+				Expect(err).ToNot(HaveOccurred())
+				cookieOpts.CookieSecret = base64.URLEncoding.EncodeToString(secret)
+
+				ss, err = sessions.NewSessionStore(opts, cookieOpts)
+				Expect(err).ToNot(HaveOccurred())
+			})
+
+			SessionStoreInterfaceTests()
+		})
 	}
 
 	BeforeEach(func() {