diff --git a/internal/interfaces/auth.go b/internal/interfaces/auth.go
index 3a668a8..60012cb 100644
--- a/internal/interfaces/auth.go
+++ b/internal/interfaces/auth.go
@@ -4,6 +4,6 @@ import "merch-parser-api/internal/shared"
 
 type Auth interface {
 	Login(userUuid string) (shared.AuthData, error)
-	Logout(userUuid string, refreshUuid string) error
-	Refresh(userUuid string, refreshUuid string) (shared.AuthData, error)
+	Logout(userUuid, refreshUuid, sessionUuid string) error
+	Refresh(userUuid, refreshUuid, sessionUuid string) (shared.AuthData, error)
 }
diff --git a/internal/provider/auth/model.go b/internal/provider/auth/model.go
index 0da6172..2044e62 100644
--- a/internal/provider/auth/model.go
+++ b/internal/provider/auth/model.go
@@ -6,11 +6,12 @@ import (
 )
 
 type RefreshToken struct {
-	Id        uint         `gorm:"primary_key"`
-	CreatedAt time.Time    `gorm:"column:created_at"`
-	UpdatedAt sql.NullTime `gorm:"column:updated_at"`
-	DeletedAt sql.NullTime `gorm:"column:deleted_at"`
-	UserUuid  string       `gorm:"column:user_uuid"`
-	TokenUuid string       `gorm:"column:token_uuid"`
-	Expires   int64        `gorm:"column:expires"`
+	Id          uint         `gorm:"primary_key"`
+	CreatedAt   time.Time    `gorm:"column:created_at"`
+	UpdatedAt   sql.NullTime `gorm:"column:updated_at"`
+	DeletedAt   sql.NullTime `gorm:"column:deleted_at"`
+	UserUuid    string       `gorm:"column:user_uuid"`
+	RefreshUuid string       `gorm:"column:refresh_uuid"`
+	SessionUuid string       `gorm:"column:session_uuid"`
+	Expires     time.Time    `gorm:"column:expires"`
 }
diff --git a/internal/provider/auth/repository.go b/internal/provider/auth/repository.go
index 53dfb73..3aa0ced 100644
--- a/internal/provider/auth/repository.go
+++ b/internal/provider/auth/repository.go
@@ -7,8 +7,8 @@ import (
 
 type Repository interface {
 	CreateRefreshToken(token *RefreshToken) error
-	ReadRefreshToken(userUuid string, tokenUuid string) (RefreshToken, error)
-	InvalidateRefreshToken(userUuid string, tokenUuid string) error
+	ReadRefreshToken(userUuid, tokenUuid, sessionUuid string) (RefreshToken, error)
+	InvalidateRefreshToken(userUuid, refreshUuid, sessionUuid string) error
 }
 
 type repo struct {
@@ -23,12 +23,13 @@ func (r *repo) CreateRefreshToken(token *RefreshToken) error {
 	return r.db.Create(token).Error
 }
 
-func (r *repo) ReadRefreshToken(userUuid string, tokenUuid string) (RefreshToken, error) {
+func (r *repo) ReadRefreshToken(userUuid, tokenUuid, sessionUuid string) (RefreshToken, error) {
 	var tokenData RefreshToken
 
 	if err := r.db.
-		Where("token_uuid = ?", tokenUuid).
 		Where("user_uuid = ?", userUuid).
+		Where("refresh_uuid = ?", tokenUuid).
+		Where("session_uuid = ?", sessionUuid).
 		Where("deleted_at IS NULL").
 		First(&tokenData).Error; err != nil {
 		return RefreshToken{}, err
@@ -37,10 +38,11 @@ func (r *repo) ReadRefreshToken(userUuid string, tokenUuid string) (RefreshToken
 	return tokenData, nil
 }
 
-func (r *repo) InvalidateRefreshToken(userUuid string, tokenUuid string) error {
+func (r *repo) InvalidateRefreshToken(userUuid, refreshUuid, sessionUuid string) error {
 	return r.db.
 		Model(&RefreshToken{}).
 		Where("user_uuid = ?", userUuid).
-		Where("token_uuid = ?", tokenUuid).
+		Where("refresh_uuid = ?", refreshUuid).
+		Where("session_uuid = ?", sessionUuid).
 		Update("deleted_at", time.Now().UTC()).Error
 }
diff --git a/internal/provider/auth/service.go b/internal/provider/auth/service.go
index 15cddf5..900977b 100644
--- a/internal/provider/auth/service.go
+++ b/internal/provider/auth/service.go
@@ -10,8 +10,9 @@ import (
 )
 
 type Service struct {
-	repo        Repository
-	jwtProvider interfaces.JWTProvider
+	repo          Repository
+	jwtProvider   interfaces.JWTProvider
+	refreshExpiry time.Duration
 }
 
 func newService(repo Repository, jwtProvider interfaces.JWTProvider) *Service {
@@ -22,12 +23,13 @@ func newService(repo Repository, jwtProvider interfaces.JWTProvider) *Service {
 }
 
 func (s *Service) Login(userUuid string) (shared.AuthData, error) {
-	return s.generateTokens(userUuid)
+	return s.newSession(userUuid)
 }
 
-func (s *Service) Refresh(userUuid string, refreshUuid string) (shared.AuthData, error) {
+func (s *Service) Refresh(userUuid, refreshUuid, sessionUuid string) (shared.AuthData, error) {
 	var err error
-	tokenData, err := s.repo.ReadRefreshToken(userUuid, refreshUuid)
+
+	tokenData, err := s.repo.ReadRefreshToken(userUuid, refreshUuid, sessionUuid)
 	if err != nil {
 		if errors.Is(err, gorm.ErrRecordNotFound) {
 			return shared.AuthData{}, errors.New("refresh token is not valid or doesn't exist")
@@ -35,42 +37,49 @@ func (s *Service) Refresh(userUuid string, refreshUuid string) (shared.AuthData,
 		return shared.AuthData{}, err
 	}
 
-	if tokenData.Expires < time.Now().UTC().Unix() {
+	if time.Now().After(tokenData.Expires) {
 		return shared.AuthData{}, errors.New("token expired")
 	}
 
-	err = s.repo.InvalidateRefreshToken(userUuid, refreshUuid)
+	err = s.repo.InvalidateRefreshToken(userUuid, refreshUuid, sessionUuid)
 	if err != nil {
 		return shared.AuthData{}, err
 	}
 
-	return s.generateTokens(userUuid)
+	return s.updateSession(userUuid, sessionUuid)
 }
 
-func (s *Service) Logout(userUuid string, refreshUuid string) error {
-	return s.repo.InvalidateRefreshToken(userUuid, refreshUuid)
+func (s *Service) Logout(userUuid, refreshUuid, sessionUuid string) error {
+	return s.repo.InvalidateRefreshToken(userUuid, refreshUuid, sessionUuid)
 }
 
-func (s *Service) generateTokens(userUuid string) (shared.AuthData, error) {
-	accessToken, err := s.jwtProvider.CreateAccessToken(userUuid)
+func (s *Service) newSession(userUuid string) (shared.AuthData, error) {
+	return s.createSession(userUuid, uuid.NewString())
+}
+
+func (s *Service) updateSession(userUuid, sessionUuid string) (shared.AuthData, error) {
+	return s.createSession(userUuid, sessionUuid)
+}
+
+func (s *Service) createSession(userUuid, sessionUuid string) (shared.AuthData, error) {
+	accessToken, err := s.jwtProvider.CreateAccessToken(userUuid, sessionUuid)
 	if err != nil {
 		return shared.AuthData{}, err
 	}
 
-	refreshTokenUuid := uuid.NewString()
-	refreshToken, exp, err := s.jwtProvider.CreateRefreshToken(userUuid, refreshTokenUuid)
-	if err != nil {
-		return shared.AuthData{}, err
-	}
+	refreshUuid := uuid.NewString()
+	expires := time.Now().UTC().Add(s.refreshExpiry)
+	refreshCookie := s.jwtProvider.CreateRefreshToken(refreshUuid, expires)
 
 	err = s.repo.CreateRefreshToken(&RefreshToken{
-		Expires:   exp,
-		UserUuid:  userUuid,
-		TokenUuid: refreshTokenUuid,
+		Expires:     expires,
+		UserUuid:    userUuid,
+		RefreshUuid: refreshUuid,
+		SessionUuid: sessionUuid,
 	})
 
 	return shared.AuthData{
-		AccessToken:  accessToken,
-		RefreshToken: refreshToken,
+		AccessToken:   accessToken,
+		RefreshCookie: refreshCookie,
 	}, nil
 }