diff --git a/server/http.go b/server/http.go
index 8342edf6edb12238ea3b3b0423d94e817affdc1a..53e8491de47b36389ad75fe7d51304e2c8f4d534 100644
--- a/server/http.go
+++ b/server/http.go
@@ -161,7 +161,7 @@ func (h *Server) loginCallback(w http.ResponseWriter, req *http.Request, usernam
 
 	// Create cookie-based session for the authenticated user.
 	session := newAuthSession(h.authSessionLifetime, username, userinfo)
-	httpSession, _ := h.authSessionStore.Get(req, authSessionKey)
+	httpSession, _ := h.authSessionStore.Get(req, authSessionKey) // nolint
 	httpSession.Values["auth"] = session
 	return httpSession.Save(req, w)
 }
@@ -179,7 +179,9 @@ func (h *Server) withAuth(f func(http.ResponseWriter, *http.Request, *authSessio
 			return
 		}
 		httpSession.Options.MaxAge = -1
-		_ = httpSession.Save(req, w)
+		if err := httpSession.Save(req, w); err != nil {
+			log.Printf("error saving session: %v", err)
+		}
 		http.Redirect(w, req, makeLoginURL(req), http.StatusFound)
 	})
 }
@@ -227,7 +229,9 @@ func (h *Server) handleHomepage(w http.ResponseWriter, req *http.Request, sessio
 	}
 
 	session.AddService(service)
-	_ = sessions.Save(req, w)
+	if err := sessions.Save(req, w); err != nil {
+		log.Printf("error saving session: %v", err)
+	}
 
 	// Redirect to service callback.
 	callbackURL := serviceLoginCallback(service, destination, token)
@@ -256,13 +260,13 @@ func (h *Server) handleLogout(w http.ResponseWriter, req *http.Request, session
 	if req.Method == "POST" {
 		data["IsPOST"] = true
 		data["IncludeLogoutScripts"] = true
-		svcJSON, _ := json.Marshal(svcs)
+		svcJSON, _ := json.Marshal(svcs) // nolint
 		data["ServicesJSON"] = string(svcJSON)
 
-		// Clear the local session.
-		httpSession, _ := h.authSessionStore.Get(req, authSessionKey)
+		// Clear the local session. Ignore errors.
+		httpSession, _ := h.authSessionStore.Get(req, authSessionKey) // nolint
 		httpSession.Options.MaxAge = -1
-		_ = httpSession.Save(req, w)
+		httpSession.Save(req, w) // nolint
 
 		// Close the keystore.
 		if h.keystore != nil {
@@ -278,7 +282,7 @@ func (h *Server) handleLogout(w http.ResponseWriter, req *http.Request, session
 		w.Header().Set("Content-Security-Policy", logoutContentSecurityPolicy)
 	}
 
-	h.tpl.ExecuteTemplate(w, "logout.html", data)
+	h.tpl.ExecuteTemplate(w, "logout.html", data) // nolint
 }
 
 func (h *Server) handleExchange(w http.ResponseWriter, req *http.Request) {
@@ -301,7 +305,7 @@ func (h *Server) handleExchange(w http.ResponseWriter, req *http.Request) {
 	}
 
 	w.Header().Set("Content-Type", "text/plain")
-	_, _ = io.WriteString(w, token)
+	io.WriteString(w, token) // nolint
 }
 
 // Handler returns the http.Handler for the SSO server application.
diff --git a/server/login.go b/server/login.go
index 04d315adf011aa3e2e94bde2df82901a391ba6d1..2ed03d7e6aab93895bff7b3477043b2efa489b09 100644
--- a/server/login.go
+++ b/server/login.go
@@ -131,7 +131,11 @@ func (l *loginHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 		case loginStateSuccess:
 			// Successful login. Delete the login session.
 			httpSession.Options.MaxAge = -1
-			_ = httpSession.Save(req, w)
+			if err := httpSession.Save(req, w); err != nil {
+				log.Printf("login error saving session: %v", err)
+				http.Error(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
 			if err := l.loginCallback(w, req, session.Username, session.Password, session.UserInfo); err != nil {
 				log.Printf("login callback error: %v: user=%s", err, session.Username)
 				http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -146,7 +150,7 @@ func (l *loginHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 				http.Error(w, err.Error(), http.StatusInternalServerError)
 				return
 			}
-			_, _ = w.Write(body)
+			w.Write(body) // nolint
 			return
 
 		default: