diff --git a/src/main/java/demo/api/auth/AuthController.java b/src/main/java/demo/api/auth/AuthController.java
index 37b2e8f..1c9a217 100644
--- a/src/main/java/demo/api/auth/AuthController.java
+++ b/src/main/java/demo/api/auth/AuthController.java
@@ -5,6 +5,8 @@ import demo.api.user.domain.User;
 import demo.api.user.dtos.UserSignInRequest;
 import demo.api.user.dtos.UserSignUpRequest;
 import java.util.Objects;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
@@ -45,7 +47,17 @@ public class AuthController {
 }
 @PostMapping("/signIn")
- public ResponseEntity signIn(@Validated UserSignInRequest signInReq) {
- return authService.signIn(signInReq);
+ public String signIn(@Validated UserSignInRequest signInReq, HttpServletResponse res) {
+ ResponseEntity tokenDtoResponseEntity = authService.signIn(signInReq);
+ Cookie cookie = new Cookie(
+ "access_token",
+ tokenDtoResponseEntity.getBody().getAccess_token()
+ );
+
+ cookie.setPath("/");
+ cookie.setMaxAge(Integer.MAX_VALUE);
+
+ res.addCookie(cookie);
+ return "redirect:/user/profile";
 }
 }
diff --git a/src/main/java/demo/api/config/SecurityConfig.java b/src/main/java/demo/api/config/SecurityConfig.java
index 45a5e20..c47f818 100644
--- a/src/main/java/demo/api/config/SecurityConfig.java
+++ b/src/main/java/demo/api/config/SecurityConfig.java
@@ -40,14 +40,9 @@ public class SecurityConfig {
 @Bean
 public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
- //
+ // Disable csrf to use token
 http
 .csrf().disable();
-// .formLogin()
-// .loginPage("/auth/signIn")
-// .usernameParameter("email")
-// .defaultSuccessUrl("/")
-// .failureUrl("/auth/signIn?fail=true");
 // http
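Review bot: The `access_token` cookie built in `signIn` (AuthController.java) is added without `HttpOnly` or `Secure`, so page script can read the token and the browser may send it over plain HTTP; add `cookie.setHttpOnly(true);` and `cookie.setSecure(true);` before `res.addCookie(cookie)`. `cookie.setMaxAge(Integer.MAX_VALUE)` keeps the cookie for roughly 68 years, which presumably outlives the token itself, so the max age should be derived from the token's expiry instead. Once the token travels in a cookie the browser attaches it to cross-site requests automatically, so the `.csrf().disable()` kept in SecurityConfig.java under the new comment "Disable csrf to use token" no longer follows from using a token; either re-enable CSRF protection or set a `SameSite` attribute, for example by building the header with Spring's `ResponseCookie`. `tokenDtoResponseEntity.getBody()` is also dereferenced with no null or status check, so a failed sign-in may surface as a NullPointerException rather than a login error; how `authService.signIn` reports failure is not visible in this hunk.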