diff --git a/middles/oauth/sessions.go b/middles/oauth/sessions.go
index 443c0c6..8e33dfa 100644
--- a/middles/oauth/sessions.go
+++ b/middles/oauth/sessions.go
@@ -32,9 +32,12 @@ type Sessions struct {
 	CookieFactory *CookieFactory
 }
 
-func NewSessions(cache Cache[*conceal.Text, Identity]) *Sessions {
+// NewSessions creates a new Sessions for managing sessions and cookies
+// associated with those sessions.
+func NewSessions(cookies *CookieFactory, cache Cache[*conceal.Text, Identity]) *Sessions {
 	return &Sessions{
-		Cache: cache,
+		Cache:         cache,
+		CookieFactory: cookies,
 	}
 }
 
diff --git a/middles/oauth/sessions_test.go b/middles/oauth/sessions_test.go
index 1c3c6fc..22eefe3 100644
--- a/middles/oauth/sessions_test.go
+++ b/middles/oauth/sessions_test.go
@@ -29,15 +29,12 @@ func TestSessions_Create(t *testing.T) {
 
 	cache := &mockCache{storage: make(map[string]Identity)}
 
-	// initialize the cookie factory
-	sessions := &Sessions{
-		Cache: cache,
-		CookieFactory: &CookieFactory{
-			Name:   "session-token",
-			Secure: true,
-			Clock:  testNow,
-		},
-	}
+	// initialize the sessions manager with the cache and a cookie factory
+	sessions := NewSessions(&CookieFactory{
+		Name:   "session-token",
+		Secure: true,
+		Clock:  testNow,
+	}, cache)
 
 	id := Identity(12345)
 	ttl := 1 * time.Hour
@@ -66,8 +63,9 @@ func TestSessions_Create(t *testing.T) {
 func TestSessions_Match(t *testing.T) {
 	t.Parallel()
 
+	cookies := (*CookieFactory)(nil)
 	cache := &mockCache{storage: make(map[string]Identity)}
-	sessions := NewSessions(cache)
+	sessions := NewSessions(cookies, cache)
 
 	id := Identity(12345)
 	token := conceal.UUIDv4()