@2504pratik if (user exists) -> login with cookie user create? -> login with cookie logout functionality add relevant middlewares (if no cookies -> unauthorised, if cookie but expired -> logout + unauth)