diff --git a/internal/api/user/controller.go b/internal/api/user/controller.go
index 91a3056..572fcdf 100644
--- a/internal/api/user/controller.go
+++ b/internal/api/user/controller.go
@@ -7,17 +7,20 @@ import (
 "merch-parser-api/internal/shared"
 "merch-parser-api/pkg/responses"
 "net/http"
+ "time"
 )
 type controller struct {
- service *service
- utils interfaces.Utils
+ service *service
+ utils interfaces.Utils
+ refreshRoute string
 }
-func newController(service *service, utils interfaces.Utils) *controller {
+func newController(service *service, utils interfaces.Utils, refreshRoute string) *controller {
 return &controller{
- service: service,
- utils: utils,
+ service: service,
+ utils: utils,
+ refreshRoute: refreshRoute,
 }
 }
@@ -180,7 +183,16 @@ func (co *controller) login(c *gin.Context) {
 return
 }
- c.JSON(http.StatusOK, response)
+ c.Header("access-token", response.AccessToken)
+ c.SetCookie(
+ response.RefreshCookie.Name,
+ response.RefreshCookie.Value,
+ int(time.Until(response.RefreshCookie.Expires).Seconds()),
+ co.refreshRoute,
+ "",
+ response.RefreshCookie.Secure,
+ response.RefreshCookie.HttpOnly,
+ )
 }
 // @Summary Логаут
@@ -192,14 +204,14 @@ func (co *controller) login(c *gin.Context) {
 // @Failure 500 {object} responses.ErrorResponse500
 // @Router /user/logout [post]
 func (co *controller) logout(c *gin.Context) {
- userUuid, tokenUuid, err := co.utils.GetUserAndTokenUuidFromContext(c)
+ userUuid, refreshUuid, sessionUuid, err := co.utils.GetAllTokensFromContext(c)
 if err != nil {
 c.JSON(http.StatusBadRequest, responses.ErrorResponse400{Error: err.Error()})
 log.WithError(err).Error("User | Failed to get uuids from context on refresh")
 return
 }
- if err = co.service.logout(userUuid, tokenUuid); err != nil {
+ if err = co.service.logout(userUuid, refreshUuid, sessionUuid); err != nil {
 c.JSON(http.StatusInternalServerError, responses.ErrorResponse500{Error: err.Error()})
 log.WithError(err).Error("User | Failed to logout")
 return
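Review bot: In login (internal/api/user/controller.go) the `c.SetCookie(...)` call copies only Name, Value, Expires, Secure and HttpOnly out of `response.RefreshCookie`, so any SameSite value the auth layer put on the cookie is dropped; gin takes SameSite from the context, which stays unset unless `c.SetSameSite` was called. `RefreshCookie` is a pointer and is dereferenced without a nil check, and a zero or past `Expires` makes the computed max-age negative, which tells the browser to delete the cookie at once. Writing a copy of the cookie with `http.SetCookie` after setting its Path keeps every attribute as issued and removes the max-age arithmetic; the `time` import added in the first hunk is then unused. Whether the auth layer sets SameSite is not visible here and should be confirmed. The response now carries a bearer token in a header, so `Cache-Control: no-store` is worth sending with it.

```go
	// … unchanged: request binding and co.service.login error handling …
	if response.RefreshCookie == nil {
		c.JSON(http.StatusInternalServerError, responses.ErrorResponse500{Error: "refresh cookie is missing"})
		return
	}

	// Work on a copy so the value returned by the service is not mutated.
	refreshCookie := *response.RefreshCookie
	refreshCookie.Path = co.refreshRoute

	c.Header("Cache-Control", "no-store")
	c.Header("access-token", response.AccessToken)
	http.SetCookie(c.Writer, &refreshCookie)
```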
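Review bot: The logout hunk in internal/api/user/controller.go does not show the refresh cookie being cleared, and with this commit that cookie is the browser's copy of the refresh token. If the success path below the hunk does not already do it, logout should expire the cookie with the same name and Path it was issued with, for example `c.SetCookie(refreshCookieName, "", -1, co.refreshRoute, "", true, true)`, where `refreshCookieName` stands for whatever name the auth layer uses. The cookie is scoped to `co.refreshRoute`, so the browser will not send it to `/user/logout` unless that path sits under the refresh route; it is worth checking where the middleware obtains `refreshUuid` for this handler. The body of logout continues outside the hunk.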
@@ -218,14 +230,14 @@ func (co *controller) logout(c *gin.Context) {
 // @Router /user/refresh [post]
 func (co *controller) refresh(c *gin.Context) {
 //токены будут помещены в контекст при срабатывании мидлвари авторизации
- userUuid, tokenUuid, err := co.utils.GetUserAndTokenUuidFromContext(c)
+ userUuid, refreshUuid, sessionUuid, err := co.utils.GetAllTokensFromContext(c)
 if err != nil {
 c.JSON(http.StatusBadRequest, responses.ErrorResponse400{Error: err.Error()})
 log.WithError(err).Error("User | Failed to get uuids from context on refresh")
 return
 }
- response, err := co.service.refresh(userUuid, tokenUuid)
+ response, err := co.service.refresh(userUuid, refreshUuid, sessionUuid)
 if err != nil {
 c.JSON(http.StatusInternalServerError, responses.ErrorResponse500{Error: err.Error()})
 log.WithError(err).Error("User | Failed to refresh user info")
diff --git a/internal/api/user/handler.go b/internal/api/user/handler.go
index 2b0c143..9747d1c 100644
--- a/internal/api/user/handler.go
+++ b/internal/api/user/handler.go
@@ -12,15 +12,16 @@ type Handler struct {
 }
 type Deps struct {
- Auth interfaces.Auth
- DB *gorm.DB
- Utils interfaces.Utils
+ Auth interfaces.Auth
+ DB *gorm.DB
+ Utils interfaces.Utils
+ RefreshRoute string
 }
 func NewHandler(deps Deps) *Handler {
 r := newRepo(deps.DB)
 s := newService(deps.Auth, r, deps.Utils)
- c := newController(s, deps.Utils)
+ c := newController(s, deps.Utils, deps.RefreshRoute)
 return &Handler{
 controller: c,
diff --git a/internal/api/user/service.go b/internal/api/user/service.go
index e0ce38b..df03998 100644
--- a/internal/api/user/service.go
+++ b/internal/api/user/service.go
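Review bot: The success path of refresh (internal/api/user/controller.go) lies outside this hunk, and if it still ends in `c.JSON(http.StatusOK, response)` the reshaped `shared.AuthData` will be marshalled whole. Removing the struct tags in the internal/shared/auth.go hunk does not exclude the fields, so the body would carry `AccessToken` and the complete `RefreshCookie` object, including its `Value`. refresh should hand the tokens back the same way login now does, header plus cookie. Tagging both fields in auth.go with `json:"-"` would make accidental serialisation or structured logging of the struct harmless.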
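Review bot: `Deps.RefreshRoute` in internal/api/user/handler.go reaches `newController` unchecked, and gin's `SetCookie` substitutes `/` for an empty path, so a missing configuration value would silently make the browser attach the refresh cookie to every request to the origin. The value should be validated where Deps is assembled, failing at startup when it is empty or does not begin with `/`. A field comment would also help, for example `// RefreshRoute is the cookie Path of the refresh token; it must equal the public path of the refresh endpoint, router-group prefix included.` NewHandler's body continues outside the hunk.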
@@ -120,10 +120,10 @@ func (s *service) login(login Login) (shared.AuthData, error) {
 return authData, nil
 }
-func (s *service) logout(userUuid string, refreshUuid string) error {
- return s.auth.Logout(userUuid, refreshUuid)
+func (s *service) logout(userUuid, refreshUuid, sessionUuid string) error {
+ return s.auth.Logout(userUuid, refreshUuid, sessionUuid)
 }
-func (s *service) refresh(userUuid string, refreshUuid string) (shared.AuthData, error) {
- return s.auth.Refresh(userUuid, refreshUuid)
+func (s *service) refresh(userUuid, refreshUuid, sessionUuid string) (shared.AuthData, error) {
+ return s.auth.Refresh(userUuid, refreshUuid, sessionUuid)
 }
diff --git a/internal/shared/auth.go b/internal/shared/auth.go
index 007cb51..92f5376 100644
--- a/internal/shared/auth.go
+++ b/internal/shared/auth.go
@@ -1,6 +1,8 @@
 package shared
+import "net/http"
+
 type AuthData struct {
- AccessToken string `json:"access_token"`
- RefreshToken string `json:"refresh_token"`
+ AccessToken string
+ RefreshCookie *http.Cookie
 }
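Review bot: `logout` and `refresh` in internal/api/user/service.go now take three adjacent `string` parameters, so a call that transposes `refreshUuid` and `sessionUuid` compiles cleanly and would hand the auth layer the wrong identifiers. Neither method has a doc comment fixing the order; one line each would do, such as `// logout forwards to auth.Logout; argument order is user, refresh token, session.` If `interfaces.Auth` is open to change, distinct named types for the two identifiers would let the compiler catch a swap.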