diff --git a/backend/internal/api/handlers/user_handler.go b/backend/internal/api/handlers/user_handler.go index 518bd3f..773515d 100644 --- a/backend/internal/api/handlers/user_handler.go +++ b/backend/internal/api/handlers/user_handler.go @@ -246,7 +246,7 @@ func (h *UserHandler) Login(c *gin.Context) { } // Generate JWT token - token, err := middleware.GenerateToken(user) + token, err := middleware.GenerateToken(user, c) if err != nil { utils.InternalErrorResponse(c, "Error generating token: "+err.Error()) return @@ -292,7 +292,7 @@ func (h *UserHandler) Register(c *gin.Context) { } // Generate JWT token - token, err := middleware.GenerateToken(user) + token, err := middleware.GenerateToken(user, c) if err != nil { utils.InternalErrorResponse(c, "Error generating token: "+err.Error()) return diff --git a/backend/internal/api/middleware/auth.go b/backend/internal/api/middleware/auth.go index 7f0ead4..a7389b6 100644 --- a/backend/internal/api/middleware/auth.go +++ b/backend/internal/api/middleware/auth.go @@ -2,7 +2,6 @@ package middleware import ( "errors" - "strings" "time" "github.com/gin-gonic/gin" 
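Review bot: The new call `middleware.GenerateToken(user, c)` still hands the token string back to Login, and the surrounding code (the response is built past the end of this hunk) presumably still returns it in the JSON body as it did under the Bearer scheme; if it does, the HttpOnly cookie set inside GenerateToken gains nothing, because the same token stays readable by page script and in client logs. Once the cookie is the session carrier, drop the token from the response (return only non-secret user data) or document why both channels are needed, e.g. for non-browser clients. Unrelated but adjacent: the error path `utils.InternalErrorResponse(c, "Error generating token: "+err.Error())` echoes the signer's error to the client; log it server-side and return a fixed message. Login's body begins and ends outside this hunk.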
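Review bot: Register now issues the session cookie through `middleware.GenerateToken(user, c)` in exactly the same way as Login, and has the same question of whether the token is also still echoed in the response body (the response code lies outside the hunk); whatever is decided for Login should be applied here too, ideally by both handlers calling one shared `issueSession(c, user)` helper so the two paths cannot drift. If registration is meant to require e-mail verification or admin approval before a usable session exists, that cannot be verified from this diff and is worth confirming, since this line logs the new account in immediately. Register's body begins and ends outside this hunk.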
@@ -31,23 +30,14 @@ type Claims struct { // AuthMiddleware checks if the user is authenticated func AuthMiddleware() gin.HandlerFunc { return func(c *gin.Context) { - // Get the Authorization header - authHeader := c.GetHeader("Authorization") - if authHeader == "" { - utils.UnauthorizedResponse(c, "Authorization header is required") + // Get the token from cookie + tokenString, err := c.Cookie("jwt") + if err != nil { + utils.UnauthorizedResponse(c, "Authentication cookie is required") c.Abort() return } - // Check if the header has the Bearer prefix - parts := strings.Split(authHeader, " ") - if len(parts) != 2 || parts[0] != "Bearer" { - utils.UnauthorizedResponse(c, "Invalid authorization format, expected 'Bearer TOKEN'") - c.Abort() - return - } - - tokenString := parts[1] claims, err := validateToken(tokenString) if err != nil { utils.UnauthorizedResponse(c, "Invalid or expired token") @@ -102,7 +92,7 @@ func RoleMiddleware(roles ...string) gin.HandlerFunc { } // GenerateToken creates a new JWT token for a user -func GenerateToken(user *models.User) (string, error) { +func GenerateToken(user *models.User, c *gin.Context) (string, error) { // Create the claims claims := Claims{ UserID: user.ID.String(), @@ -125,6 +115,9 @@ func GenerateToken(user *models.User) (string, error) { return "", err } + // Set the cookie + c.SetCookie("jwt", tokenString, int(tokenDuration.Seconds()), "/", "", true, true) + return tokenString, nil } diff --git a/backend/internal/api/routes/router.go b/backend/internal/api/routes/router.go index fa5bddc..d8f771b 100644 --- a/backend/internal/api/routes/router.go +++ b/backend/internal/api/routes/router.go @@ -28,7 +28,7 @@ func SetupRouter(r *gin.Engine) { // Protected routes protected := api.Group("") - //protected.Use(middleware.AuthMiddleware()) + protected.Use(middleware.AuthMiddleware()) { // Auth routes (protected) protectedAuth := protected.Group("/auth")
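Review bot: Reading the session from `c.Cookie("jwt")` instead of an `Authorization: Bearer` header means the browser now attaches the credential to every request automatically, including cross-site form posts and credentialed fetches, so state-changing protected routes become CSRF-reachable; nothing in this hunk compensates for the header requirement that was removed. Add a CSRF defence alongside the switch: at minimum a SameSite attribute on the cookie where it is written, and for the non-GET routes an Origin/Referer check or a CSRF-token middleware. If non-browser clients exist, keep the Bearer branch as a fallback rather than deleting it, checking the header first and the cookie only when no header is present. AuthMiddleware continues past the hunk (the claims are consumed after `validateToken`).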
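Review bot: The doc comment above `func GenerateToken(user *models.User, c *gin.Context)` still says the function only "creates a new JWT token for a user", but after this commit it also writes an HTTP response header, which is a side effect every caller now gets whether it wants one or not. As a matter of structure, keep token creation pure and move the cookie write into a separate `SetAuthCookie(c *gin.Context, token string)` that Login and Register call, so the signer can be unit-tested and reused (e.g. for refresh or CLI flows) without a gin.Context. If the combined form is kept, at least update the comment to `// GenerateToken creates a signed JWT for user and sets it on c as the "jwt" session cookie.`.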
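Review bot: `c.SetCookie("jwt", tokenString, int(tokenDuration.Seconds()), "/", "", true, true)` sets Secure and HttpOnly but no SameSite attribute: Gin's SetCookie emits whatever mode was registered on the context via `c.SetSameSite`, and nothing here registers one, so the cookie is sent on cross-site requests and the new cookie-based auth is CSRF-exposed. Call `c.SetSameSite(http.SameSiteStrictMode)` (Lax if top-level navigations from other sites must stay logged in) immediately before this line, importing `net/http`. With Path "/", no Domain and Secure set, the cookie also qualifies for the `__Host-` prefix, so naming it `__Host-jwt` here and in AuthMiddleware would stop a subdomain from overriding it. `tokenDuration` is defined outside the hunk; it is assumed to match the JWT expiry so the cookie and the token lapse together, which is worth confirming.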
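Review bot: Re-enabling `protected.Use(middleware.AuthMiddleware())` turns on a cookie-based session for every route in this group, but with an HttpOnly cookie the client can no longer discard the credential itself as it could with a Bearer token, so the `/auth` group below needs a logout handler that expires the cookie, e.g. `c.SetCookie("jwt", "", -1, "/", "", true, true)`; none is visible in this diff. If the API is served cross-origin from its front end, the CORS configuration (not shown) must now set AllowCredentials with an explicit origin list, since a wildcard origin will not carry the cookie. The route group body continues past the hunk.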