diff --git a/client/src/pages/home/Home.jsx b/client/src/pages/home/Home.jsx
index 05c1dcb..22c2174 100644
--- a/client/src/pages/home/Home.jsx
+++ b/client/src/pages/home/Home.jsx
@@ -47,9 +47,9 @@ function Home() {
 //upload files to server
 Axios.post(`${process.env.REACT_APP_SERVER_URL}/api/upload`, formData, {
+ withCredentials:true,
 headers: {
 'Content-Type': 'multipart/form-data',
- 'Authorization': 'Bearer ' + window.localStorage.getItem("didToken")
 }
 })
 .then(res => {
diff --git a/server/index.js b/server/index.js
index d4b479b..3cc8f8f 100644
--- a/server/index.js
+++ b/server/index.js
@@ -25,6 +25,7 @@ const app = express();
 app.use(cors());
 app.use(morgan('dev'))
 app.use(express.json());
+app.use(cookieParser());
 app.use(express.urlencoded({ extended: true }));
 app.use(fileUpload());
 app.use(limiter);
diff --git a/server/middlewares/authenticate.js b/server/middlewares/authenticate.js
new file mode 100644
index 0000000..c76d329
--- /dev/null
+++ b/server/middlewares/authenticate.js
@@ -0,0 +1,15 @@
+const { Magic } = require("@magic-sdk/admin");
+const magic = new Magic(process.env.MAGIC_SECRET_KEY);
+
+const authenticate = async (req, res, next) => {
+ console.log("Auth middleware 2 called");
+ try {
+ const { didToken } = req.cookies;
+ await magic.token.validate(didToken);
+ next();
+ } catch (error) {
+ return res.status(401).json({ error: error.message });
+ }
+};
+
+module.exports = authenticate;
diff --git a/server/package-lock.json b/server/package-lock.json
index 852396c..58a5a25 100644
--- a/server/package-lock.json
+++ b/server/package-lock.json
@@ -10,6 +10,7 @@ "license": "ISC", "dependencies": { "@magic-sdk/admin": "^1.4.1", + "cookie-parser": "^1.4.6", "cors": "^2.8.5", "dotenv": "^16.0.1", "express": "^4.18.1",
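Review bot: In client/src/pages/home/Home.jsx, dropping the `Authorization` header means the upload POST is now authenticated only by a cookie that the browser attaches on its own, so the endpoint needs a CSRF defence that the header scheme did not require, and nothing in this commit adds one. The server side should pair this with a `sameSite` attribute on the `didToken` cookie and an Origin check or CSRF token on state-changing routes. The removed line read the token from `window.localStorage`; if the login flow still writes `didToken` there (not visible in this diff), the `httpOnly` cookie does not yet keep the token away from page scripts. The enclosing handler starts and ends outside the hunk.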
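Review bot: In server/index.js the context line `app.use(cors());` stays at its defaults while the client now sends `withCredentials:true`; the default reply is `Access-Control-Allow-Origin: *` with no `Access-Control-Allow-Credentials`, which browsers refuse for credentialed cross-origin requests. If client and server run on different origins (the `REACT_APP_SERVER_URL` use suggests so), pin the allowed origin instead of reflecting it: `app.use(cors({ origin: CLIENT_ORIGIN /* placeholder: the deployed client origin */, credentials: true }));`. The `require` that `cookieParser()` depends on is not in this hunk and presumably sits above line 25.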
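Review bot: The catch block in server/middlewares/authenticate.js returns `error.message` to the caller, so SDK validation detail (or a destructuring TypeError if `req.cookies` is undefined) is disclosed in the 401 body; a fixed message with the detail logged server-side is safer. The `console.log("Auth middleware 2 called")` line looks like leftover debugging and runs on every request. The middleware also validates the token without recording whose it is, so handlers behind it cannot tie the request to a user; consider storing the token's issuer on `req` once validation succeeds. A sketch of the first two points follows.

```javascript
// … unchanged: Magic import and client construction …
const authenticate = async (req, res, next) => {
  const didToken = req.cookies?.didToken;
  if (!didToken) {
    return res.status(401).json({ error: "Authentication required" });
  }
  try {
    await magic.token.validate(didToken);
  } catch (error) {
    // Keep SDK detail in server logs; the client gets a fixed message.
    console.error("DID token validation failed:", error.message);
    return res.status(401).json({ error: "Invalid or expired token" });
  }
  return next();
};
// … unchanged: module.exports …
```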
@@ -890,6 +891,26 @@ "node": ">= 0.6" } }, + "node_modules/cookie-parser": { + "version": "1.4.6", + "resolved": "https://registry.npmjs.org/cookie-parser/-/cookie-parser-1.4.6.tgz", + "integrity": "sha512-z3IzaNjdwUC2olLIB5/ITd0/setiaFMLYiZJle7xg5Fe9KWAceil7xszYfHHBtDFYLSgJduS2Ty0P1uJdPDJeA==", + "dependencies": { + "cookie": "0.4.1", + "cookie-signature": "1.0.6" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/cookie-parser/node_modules/cookie": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.1.tgz", + "integrity": "sha512-ZwrFkGJxUR3EIoXtO+yVE69Eb7KlixbaeAWfBQB9vVsNn/o+Yw69gBWSSDK825hQNdN+wF8zELf3dFNl/kxkUA==", + "engines": { + "node": ">= 0.6" + } + }, "node_modules/cookie-signature": { "version": "1.0.6", "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
@@ -4985,6 +5006,22 @@ "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.5.0.tgz", "integrity": "sha512-YZ3GUyn/o8gfKJlnlX7g7xq4gyO6OSuhGPKaaGssGB2qgDUS0gPgtTvoyZLTt9Ab6dC4hfc9dV5arkvc/OCmrw==" }, + "cookie-parser": { + "version": "1.4.6", + "resolved": "https://registry.npmjs.org/cookie-parser/-/cookie-parser-1.4.6.tgz", + "integrity": "sha512-z3IzaNjdwUC2olLIB5/ITd0/setiaFMLYiZJle7xg5Fe9KWAceil7xszYfHHBtDFYLSgJduS2Ty0P1uJdPDJeA==", + "requires": { + "cookie": "0.4.1", + "cookie-signature": "1.0.6" + }, + "dependencies": { + "cookie": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.1.tgz", + "integrity": "sha512-ZwrFkGJxUR3EIoXtO+yVE69Eb7KlixbaeAWfBQB9vVsNn/o+Yw69gBWSSDK825hQNdN+wF8zELf3dFNl/kxkUA==" + } + } + }, "cookie-signature": { "version": "1.0.6", "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
diff --git a/server/package.json b/server/package.json
index 475830e..0d80525 100644
--- a/server/package.json
+++ b/server/package.json
@@ -15,6 +15,7 @@
 "license": "ISC",
 "dependencies": {
 "@magic-sdk/admin": "^1.4.1",
+ "cookie-parser": "^1.4.6",
 "cors": "^2.8.5",
 "dotenv": "^16.0.1",
 "express": "^4.18.1",
diff --git a/server/routes/auth.js b/server/routes/auth.js
index e963f36..9a46fb0 100644
--- a/server/routes/auth.js
+++ b/server/routes/auth.js
@@ -24,6 +24,7 @@ router.post('/api/user/create', authMiddleware, async (req, res, next) => {
 const magic_id = req.body.magic_id;
 const user_name = req.body.user_name;
 const email = req.body.email;
+ const didToken = req.headers.authorization.substring(7);
 if (!user_name || !magic_id || !email) {
 return next( new AppError("Missing required fields", 400));
@@ -43,6 +44,7 @@ router.post('/api/user/create', authMiddleware, async (req, res, next) => {
 })
 console.log("saving user")
 await user.save();
+ res.cookie('didToken',didToken,{httpOnly:true})
 return res.status(200).json({ message: "User created successfully" });
 } else {
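Review bot: `req.headers.authorization.substring(7)` in the first server/routes/auth.js hunk throws a TypeError when the header is absent and drops seven characters without checking that they are the `Bearer ` prefix. `authMiddleware` may already guarantee the header (its body is not in this diff), but the handler should not depend on that silently: `const authz = req.headers.authorization || "";` followed by `if (!authz.startsWith("Bearer ")) return next(new AppError("Missing bearer token", 401));` makes the assumption explicit. The route handler begins before and continues past this hunk.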
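Review bot: The cookie set by `res.cookie('didToken',didToken,{httpOnly:true})` carries a bearer credential but has no `secure`, `sameSite` or `maxAge`, so it can travel over plain HTTP, depends on each browser's SameSite default, and lasts for the browser session regardless of the token's own lifetime. Suggest `res.cookie('didToken', didToken, { httpOnly: true, secure: true, sameSite: 'strict', maxAge: TOKEN_LIFETIME_MS /* placeholder */ })`, relaxing `sameSite` to `'none'` only if the client is served from a different site. The cookie is issued only on this new-user path; the `else` branch continues outside the hunk, so it is worth confirming that returning users receive one too.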