diff --git a/packages/backend/src/middleware/auth2.js b/packages/backend/src/middleware/auth2.js
index bfc69a98..7a5e8024 100644
--- a/packages/backend/src/middleware/auth2.js
+++ b/packages/backend/src/middleware/auth2.js
@@ -63,8 +63,10 @@ const auth2 = async (req, res, next) => {
 if(!token) {
 APIError.create('token_missing').write(res);
+ return;
 } else if (typeof token !== 'string') {
 APIError.create('token_auth_failed').write(res);
+ return;
 } else {
 token = token.replace('Bearer ', '')
 }
diff --git a/packages/backend/src/routers/signup.js b/packages/backend/src/routers/signup.js
index 4f2db4ea..4d25e379 100644
--- a/packages/backend/src/routers/signup.js
+++ b/packages/backend/src/routers/signup.js
@@ -71,6 +71,11 @@ module.exports = eggspress(['/signup'], {
 const { user, token } = await svc_auth.check_session(
 req.cookies[config.cookie_name]
 );
+ res.cookie(config.cookie_name, token, {
+ sameSite: 'none',
+ secure: true,
+ httpOnly: true,
+ });
 // const decoded = await jwt.verify(token, config.jwt_secret);
 // const user = await get_user({ uuid: decoded.uuid });
 if ( user ) {
diff --git a/packages/backend/src/services/auth/AuthService.js b/packages/backend/src/services/auth/AuthService.js
index c1cdc9e5..361a3289 100644
--- a/packages/backend/src/services/auth/AuthService.js
+++ b/packages/backend/src/services/auth/AuthService.js
@@ -240,7 +240,10 @@ class AuthService extends BaseService {
 [uuid],
 );
- session.meta = JSON.parse(session.meta ?? {});
+ session.meta = this.db.case({
+ mysql: () => session.meta,
+ otherwise: () => JSON.parse(session.meta ?? "{}")
+ })();
 return session;
 }
@@ -375,10 +378,13 @@ class AuthService extends BaseService {
 );
 sessions.forEach(session => {
+ session.meta = this.db.case({
+ mysql: () => session.meta,
+ otherwise: () => JSON.parse(session.meta ?? "{}")
+ })();
 if ( session.uuid === actor.type.session ) {
 session.current = true;
 }
- session.meta = JSON.parse(session.meta ?? {});
 });
 return sessions;
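Review bot: In packages/backend/src/middleware/auth2.js the two new `return;` lines carry no comment, yet they are what stops a request with a missing or non-string token from running on past the if/else chain after the error response has been written. A one-line comment above the first, such as `// Error already sent; stop here so the request is never handled as authenticated.`, would make that intent harder to lose in a later refactor. With both branches returning, the trailing `else` could also be flattened into plain guard clauses. The rest of auth2 lies outside the hunk, so what the fall-through used to reach is not visible here.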
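Review bot: In packages/backend/src/routers/signup.js the new `res.cookie(...)` call runs before the `if ( user )` check, so the cookie is rewritten with whatever `token` check_session returned even when no user was resolved. If check_session can return an empty `token` for an invalid or expired session (its body is not visible here), the client would be handed a cookie whose value is the string form of an undefined token. Moving the call inside the `if ( user ) {` block, or guarding it with `if ( user && token )`, avoids that. Because `sameSite: 'none'` lets the cookie accompany cross-site requests, it is also worth confirming that state-changing routes do not rely on this cookie alone.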
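Review bot: In packages/backend/src/services/auth/AuthService.js the `mysql` branch returns `session.meta` unchanged, so a NULL column leaves `session.meta` as null while the `otherwise` branch yields `{}`; any caller that reads a property of meta would then behave differently per backend. `mysql: () => session.meta ?? {}` would keep the two paths consistent. The same four-line expression is repeated in the second hunk inside `sessions.forEach`, so a small private helper on the class would keep both call sites in step. `JSON.parse` on the `otherwise` path still throws on a malformed stored value, and whether that should fail the whole session lookup deserves a comment.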
diff --git a/src/UI/UIWindowManageSessions.js b/src/UI/UIWindowManageSessions.js
index 561597fb..1debb5da 100644
--- a/src/UI/UIWindowManageSessions.js
+++ b/src/UI/UIWindowManageSessions.js
@@ -87,6 +87,7 @@ const UIWindowManageSessions = async function UIWindowManageSessions () {
 const resp = await fetch(`${api_origin}/auth/revoke-session`, {
 method: 'POST',
 headers: {
+ Authorization: `Bearer ${puter.authToken}`,
 'Content-Type': 'application/json',
 },
 body: JSON.stringify({
@@ -115,6 +116,9 @@ const UIWindowManageSessions = async function UIWindowManageSessions () {
 const reload_sessions = async () => {
 const resp = await fetch(`${api_origin}/auth/list-sessions`, {
+ headers: {
+ Authorization: `Bearer ${puter.authToken}`,
+ },
 method: 'GET',
 });
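Review bot: In src/UI/UIWindowManageSessions.js both fetch calls interpolate `puter.authToken` straight into the Authorization header, so an unset token is sent as the literal text "Bearer undefined" instead of failing early on the client. A check that `puter.authToken` is a non-empty string before issuing the request would catch that. The header construction is duplicated between the revoke-session call and the list-sessions call in the second hunk; a shared helper that returns the auth headers would give one place to handle a missing token. Neither hunk shows how a 401 response is handled, so that path should be confirmed as well.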