diff --git a/.env.example b/.env.example
index 18f1d40..1c6aec1 100644
--- a/.env.example
+++ b/.env.example
@@ -2,6 +2,7 @@
 SESSION_SECRET_KEY=
 SESSION_NAME=
 STEAM_API_KEY=
 PORT=
+FRONTEND_URL=
 POSTGRES_URL=
 POSTGRES_PORT=
diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000..13ee2b0
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,3 @@
+{
+ "nuxt.isNuxtApp": false
+}
\ No newline at end of file
diff --git a/.vscode/tasks.json b/.vscode/tasks.json
new file mode 100644
index 0000000..740c540
--- /dev/null
+++ b/.vscode/tasks.json
@@ -0,0 +1,14 @@
+{
+ // See https://go.microsoft.com/fwlink/?LinkId=733558
+ // for the documentation about the tasks.json format
+ "version": "2.0.0",
+ "tasks": [
+ {
+ "type": "shell",
+ "label": "Start dev server",
+ "command": "go run .",
+ "detail": "go dev",
+ "problemMatcher": []
+ }
+ ]
+}
diff --git a/controller/auth.go b/controller/auth.go
index 552d59f..605b163 100644
--- a/controller/auth.go
+++ b/controller/auth.go
@@ -1,15 +1,21 @@
 package controller
 
 import (
+ "encoding/json"
 "net/http"
+ "time"
 
 "github.com/robyzzz/csl-backend/config"
+ "github.com/robyzzz/csl-backend/model"
 "github.com/robyzzz/csl-backend/utils"
 "github.com/solovev/steam_go"
 )
 
 // GET /login - redirect to steam auth and validate user
 func Login(w http.ResponseWriter, r *http.Request) {
+ w.Header().Set("Access-Control-Allow-Origin", config.FRONTEND_URL)
+ w.Header().Set("Access-Control-Allow-Credentials", "true")
+
 opId := steam_go.NewOpenId(r)
 
 switch opId.Mode() {
@@ -32,7 +38,7 @@ func Login(w http.ResponseWriter, r *http.Request) {
 utils.APIErrorRespond(w, utils.NewAPIError(http.StatusInternalServerError, err.Error()))
 return
 }
-
+
 config.CreateSessionID(w, r, user.SteamId)
 http.Redirect(w, r, config.FRONTEND_URL, http.StatusTemporaryRedirect)
 }
@@ -41,5 +47,30 @@ func Login(w http.ResponseWriter, r *http.Request) {
 
 // GET /logout - Log out from current session
 func Logout(w http.ResponseWriter, r *http.Request) {
 config.RemoveSessionID(w, r)
+
+ c := &http.Cookie{
+ Name: config.SESSION_NAME,
+ Value: "",
+ Path: "/",
+ Expires: time.Unix(0, 0),
+
+ HttpOnly: true,
+ }
+
+ http.SetCookie(w, c)
+ http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
 }
+
+// PUT /auth
+func Auth(w http.ResponseWriter, r *http.Request) {
+ id:= config.GetSessionID(r)
+
+ user, err := model.GetSteamUser(id)
+ if err != nil {
+ utils.APIErrorRespond(w, utils.NewAPIError(http.StatusUnauthorized, err.Error()))
+ return
+ }
+
+ json.NewEncoder(w).Encode(user)
+}
\ No newline at end of file
diff --git a/controller/steam_user.go b/controller/steam_user.go
index d70597a..401ae34 100644
--- a/controller/steam_user.go
+++ b/controller/steam_user.go
@@ -81,5 +81,5 @@ func UpdateSteamUser(w http.ResponseWriter, r *http.Request) {
 return
 }
 
- http.Redirect(w, r, config.FRONTEND_URL, http.StatusTemporaryRedirect)
+ // http.Redirect(w, r, config.FRONTEND_URL, http.StatusTemporaryRedirect)
 }
diff --git a/main.go b/main.go
index f84b890..43461a3 100644
--- a/main.go
+++ b/main.go
@@ -31,8 +31,9 @@ func setupRouter() {
 router.HandleFunc("/", controller.Home)
 
 // auth
- router.Handle("/logout", middleware.IsAuthenticated(controller.Logout))
- router.Handle("/login", middleware.BeforeLogin(controller.Login))
+ router.HandleFunc("/login", controller.Login).Methods("GET")
+ router.HandleFunc("/logout", controller.Logout).Methods("GET")
+ router.Handle("/auth", middleware.BeforeAuth(controller.Auth)).Methods("PUT", "OPTIONS");
 
 // steam_user (steam data)
 router.Handle("/profile", middleware.IsAuthenticated(controller.GetProfile))
diff --git a/middleware/auth.go b/middleware/auth.go
index 10f128a..165c315 100644
--- a/middleware/auth.go
+++ b/middleware/auth.go
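Review bot: `json.NewEncoder(w).Encode(user)` at the end of the new `Auth` handler discards its error and the handler never sets a Content-Type, so a serialization failure goes unnoticed and the body is served with a sniffed type; write `w.Header().Set("Content-Type", "application/json")` before encoding and check the result, e.g. `if err := json.NewEncoder(w).Encode(user); err != nil { /* log it */ }`. In `Logout`, the clearing cookie only replaces the session cookie if its Path, Domain, Secure and SameSite attributes match those set by `config.CreateSessionID`, which is not visible in this diff; `MaxAge: -1` is the explicit way to ask the browser to delete it, and the Secure/SameSite flags should mirror the original cookie so the deletion is not ignored. `id:= config.GetSessionID(r)` is not gofmt-clean (`id := config.GetSessionID(r)`).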
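Review bot: Registering `/auth` with `Methods("PUT", "OPTIONS")` routes the browser's CORS preflight through `middleware.BeforeAuth`, but preflight requests are sent without cookies, so `config.SessionAlreadyExists(r)` is false for them and the preflight is answered with a 401 that also carries no `Access-Control-Allow-*` headers (`BeforeAuth` in middleware/auth.go sets none); the browser will then refuse to send the real PUT. Handle `r.Method == http.MethodOptions` before the session check, replying with the Allow-Origin/Allow-Methods/Allow-Headers/Allow-Credentials headers and `http.StatusNoContent`, ideally in a single CORS middleware applied to the router instead of the per-handler header writes now spread across `Login` and `IsAuthenticated`. The trailing `;` on the `router.Handle("/auth", ...)` line is not gofmt-clean. `setupRouter` continues outside the hunk.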
@@ -13,8 +13,10 @@ func IsAuthenticated(h func(w http.ResponseWriter, r *http.Request)) http.Handle
 next := http.HandlerFunc(h)
 return http.HandlerFunc(
 func(w http.ResponseWriter, r *http.Request) {
- w.Header().Set("Access-Control-Allow-Origin", config.FRONTEND_URL)
+ w.Header().Set("Access-Control-Allow-Origin", "http://localhost:3000")
 w.Header().Set("Access-Control-Allow-Credentials", "true")
+ w.Header().Set("Access-Control-Allow-Headers","Content-Type,access-control-allow-origin, access-control-allow-headers")
+
 if config.SessionAlreadyExists(r) {
 next.ServeHTTP(w, r)
 } else {
@@ -23,16 +25,31 @@ func IsAuthenticated(h func(w http.ResponseWriter, r *http.Request)) http.Handle
 })
 }
 
-// Used to update steam user data when acessing /login
-// If user is already logged in, we update, else we redirect to login page
-func BeforeLogin(h func(w http.ResponseWriter, r *http.Request)) http.Handler {
+//! not needed
+// // Used to update steam user data when acessing /login
+// // If user is already logged in, we update, else we redirect to login page
+// func BeforeLogin(h func(w http.ResponseWriter, r *http.Request)) http.Handler {
+// next := http.HandlerFunc(h)
+// return http.HandlerFunc(
+// func(w http.ResponseWriter, r *http.Request) {
+// if config.SessionAlreadyExists(r) {
+// controller.UpdateSteamUser(w, r)
+// next.ServeHTTP(w, r)
+// } else {
+// next.ServeHTTP(w, r)
+// }
+// })
+// }
+
+func BeforeAuth(h func(w http.ResponseWriter, r *http.Request)) http.Handler {
 next := http.HandlerFunc(h)
 return http.HandlerFunc(
 func(w http.ResponseWriter, r *http.Request) {
 if config.SessionAlreadyExists(r) {
 controller.UpdateSteamUser(w, r)
-} else {
 next.ServeHTTP(w, r)
+} else {
+ utils.APIErrorRespond(w, utils.NewAPIError(http.StatusUnauthorized, "Unauthorized"))
 }
 })
 }
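Review bot: Replacing `config.FRONTEND_URL` with the literal `"http://localhost:3000"` in `IsAuthenticated` hard-wires a development origin into the credentialed CORS policy, while `Login` in controller/auth.go still uses `config.FRONTEND_URL`; with `Access-Control-Allow-Credentials: true` the origin must match exactly, so any deployment where `FRONTEND_URL` differs will have every authenticated endpoint rejected by the browser. Keep `w.Header().Set("Access-Control-Allow-Origin", config.FRONTEND_URL)` and point the env var at localhost during development. The new `Access-Control-Allow-Headers` value lists `access-control-allow-origin` and `access-control-allow-headers`, which are response headers, not request headers; the allow-list should name only the request headers the frontend actually sends, e.g. `Content-Type`. `IsAuthenticated` starts before this hunk.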
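Review bot: `BeforeAuth` calls `controller.UpdateSteamUser(w, r)` and then unconditionally `next.ServeHTTP(w, r)`; the `return` visible in the controller/steam_user.go hunk suggests `UpdateSteamUser` has an error branch that already responds, in which case `Auth` writes a second status and body on the same ResponseWriter (`http: superfluous response.WriteHeader`) and the client receives a corrupted reply. Have `UpdateSteamUser` report failure to the middleware, e.g. by returning an `error`, and `return` from the closure before calling `next` when it does. The commented-out `BeforeLogin` block under `//! not needed` should be deleted rather than kept, since version control preserves it. `BeforeAuth` is also where an OPTIONS preflight needs to be answered before the session check, as noted on the main.go hunk.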