diff --git a/src/app/api/user-validate/route.ts b/src/app/api/user-validate/route.ts
index 2e0c3859..ff4a3b61 100644
--- a/src/app/api/user-validate/route.ts
+++ b/src/app/api/user-validate/route.ts
@@ -1,12 +1,25 @@
 import { decrypt } from "@/app/(auth)/_lib/decrypt";
 import { prisma } from "@/lib";
-import { NextRequest, NextResponse } from "next/server";
-
+import { cookies } from "next/headers";
+import { NextResponse } from "next/server";
 export const dynamic = "force-dynamic";
-export async function GET(req: NextRequest) {
+export async function GET(req: Request) {
 try {
- const token = req.headers.get("Authorization")?.split(" ")[1];
+ const SESSIONKEY = process.env.NEXT_PUBLIC_BASE_SESSION_KEY!;
+ // const token = req.headers.get("Authorization")?.split(" ")[1]
+ const token =
+ cookies().get(SESSIONKEY)?.value ||
+ req.headers.get("Authorization")?.split(" ")[1];
+ if (!token) {
+ return NextResponse.json(
+ {
+ success: false,
+ message: "Unauthorized token not found",
+ },
+ { status: 401 }
+ );
+ }
 const decripted = await decrypt({
 token: token!,
diff --git a/src/middleware.ts b/src/middleware.ts
index 466a5202..199e0e11 100644
--- a/src/middleware.ts
+++ b/src/middleware.ts
@@ -41,6 +41,7 @@ const middlewareConfig: MiddlewareConfig = {
 "/api/get-cookie",
 "/api/user/activation",
 "/api/user-validate",
+ "/api/version",
 // PAGE
 "/login",
@@ -176,7 +177,14 @@ export const middleware = async (req: NextRequest) => {
 console.error("Token is undefined");
 return setCorsHeaders(unauthorizedResponseToken());
 }
- return setCorsHeaders(await unauthorizedResponseValidationUser(token, req));
+ return setCorsHeaders(
+ await unauthorizedResponseValidationUser({
+ loginPath,
+ sessionKey,
+ token,
+ req,
+ })
+ );
 }
 }
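Review bot: `process.env.NEXT_PUBLIC_BASE_SESSION_KEY!` asserts the variable away instead of checking it, so when it is unset the cookie lookup fails inside the `try` and the caller presumably receives whatever the catch (outside the hunk) returns instead of a clear configuration error. Prefer `const SESSIONKEY = process.env.NEXT_PUBLIC_BASE_SESSION_KEY; if (!SESSIONKEY) throw new Error("NEXT_PUBLIC_BASE_SESSION_KEY is not configured");`. With the new `if (!token)` guard the `token!` on the following context line is no longer needed, and the commented-out `// const token = ...` line should be removed rather than kept as dead code; a short `// Session cookie takes precedence over the Authorization header` would document the `||` order. If the cookie name does not need to reach the browser bundle, the `NEXT_PUBLIC_` prefix is inlining it there unnecessarily. GET's body and its catch continue outside the hunk.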
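Review bot: `"/api/version"` joins a list that, judging by the `/api/user-validate` entry beside it and the token check in the later hunk, exempts paths from the middleware's authentication, yet nothing records why this endpoint may be reached unauthenticated. A one-line comment on the entry, e.g. `"/api/version", // public on purpose: <reason>`, keeps the decision visible to whoever extends the list next. The `middlewareConfig` literal starts outside the hunk.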
@@ -257,11 +265,17 @@ function unauthorizedResponseUserNotActive(req: NextRequest) {
 );
 }
-async function unauthorizedResponseValidationUser(
- token: string,
- req: NextRequest
-) {
- console.log("Token:", token);
+async function unauthorizedResponseValidationUser({
+ loginPath,
+ sessionKey,
+ token,
+ req,
+}: {
+ loginPath: string;
+ sessionKey: string;
+ token: string;
+ req: NextRequest;
+}) {
 const userLogout = await fetch(new URL("/api/auth/logout", req.url), {
 headers: {
 "Content-Type": "application/json",
@@ -270,8 +284,9 @@ async function unauthorizedResponseValidationUser(
 });
 if (userLogout.ok) {
- const response = NextResponse.redirect(new URL("/login", req.url));
- response.cookies.delete(middlewareConfig.sessionKey);
+ const response = NextResponse.redirect(new URL(loginPath, req.url));
+ // Clear invalid token
+ response.cookies.delete(sessionKey);
 return setCorsHeaders(response);
 }
 console.error("Error logging out user:", await userLogout.json());
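Review bot: The reworked signature of `unauthorizedResponseValidationUser` carries no doc comment, and dropping `console.log("Token:", token)` deserves a sentence so the log line is not reintroduced. Suggest a TSDoc header stating that the helper posts to `/api/auth/logout`, redirects to `loginPath` and clears the `sessionKey` cookie (the latter two appear in the next hunk), plus `// Never log token: it is a bearer credential.` above the fetch. Moving from three positional arguments, two of them plain strings, to a destructured options object is a good change here. The fetch call and the rest of the function continue past the hunk.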
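Review bot: `response.cookies.delete(sessionKey)` clears the cookie by name only, so if the session cookie is issued with a non-default `path` or `domain` elsewhere the browser keeps it and the `// Clear invalid token` comment no longer holds; verify against the code that sets it and, if the attributes differ, pass the same ones, e.g. `response.cookies.delete({ name: sessionKey, path: "/" })`. `new URL(loginPath, req.url)` is only safe while `loginPath` stays a configuration value (presumably `middlewareConfig`); a note such as `// loginPath comes from config, never from the request` makes that invariant explicit. On the failure path the context line `await userLogout.json()` will itself throw when the logout endpoint returns a non-JSON body; this predates the commit but is worth a follow-up. The function's tail lies outside the hunk.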