diff --git a/auth/jwt.go b/auth/jwt.go
index a0977593..7e78f875 100644
--- a/auth/jwt.go
+++ b/auth/jwt.go
@@ -40,13 +40,23 @@ func (h *Handler) CreateJwt(c echo.Context) error {
 	}
 
 	auth := c.Request().Header.Get("Authorization")
-	var jwt *string
+	var token string
 
-	if !strings.HasPrefix(auth, "Bearer ") {
+	if auth == "" {
+		c, _ := c.Request().Cookie("X-Bearer")
+		if c != nil {
+			token = c.Value
+		}
+	} else if strings.HasPrefix(auth, "Bearer ") {
+		token = auth[len("Bearer "):]
+	} else if auth != "" {
+		return echo.NewHTTPError(http.StatusUnauthorized, "Invalid bearer format.")
+	}
+
+	var jwt *string
+	if token == "" {
 		jwt = h.createGuestJwt()
 	} else {
-		token := auth[len("Bearer "):]
-
 		tkn, err := h.createJwt(token)
 		if err != nil {
 			return err
diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
index 802e05f1..b02600d6 100644
--- a/docker-compose.dev.yml
+++ b/docker-compose.dev.yml
@@ -23,7 +23,7 @@ x-transcoder: &transcoder-base
     - "traefik.http.routers.transcoder.rule=PathPrefix(`/video`)"
     - "traefik.http.routers.transcoder.middlewares=phantom-token"
     - "traefik.http.middlewares.phantom-token.forwardauth.address=http://auth:4568/auth/jwt"
-    - "traefik.http.middlewares.phantom-token.forwardauth.authRequestHeaders=Authorization,X-Api-Key"
+    - "traefik.http.middlewares.phantom-token.forwardauth.authRequestHeaders=Authorization,Cookie,X-Api-Key"
     - "traefik.http.middlewares.phantom-token.forwardauth.authResponseHeaders=Authorization"
   develop:
     watch:
@@ -94,7 +94,7 @@ services:
       - "traefik.http.routers.api.rule=PathPrefix(`/api/`) || PathPrefix(`/swagger`)"
       - "traefik.http.routers.api.middlewares=phantom-token"
       - "traefik.http.middlewares.phantom-token.forwardauth.address=http://auth:4568/auth/jwt"
-      - "traefik.http.middlewares.phantom-token.forwardauth.authRequestHeaders=Authorization,X-Api-Key"
+      - "traefik.http.middlewares.phantom-token.forwardauth.authRequestHeaders=Authorization,Cookie,X-Api-Key"
       - "traefik.http.middlewares.phantom-token.forwardauth.authResponseHeaders=Authorization"
     develop:
       watch:
@@ -129,7 +129,7 @@ services:
       - "traefik.http.routers.scanner.rule=PathPrefix(`/scanner/`)"
       - "traefik.http.routers.scanner.middlewares=phantom-token"
       - "traefik.http.middlewares.phantom-token.forwardauth.address=http://auth:4568/auth/jwt"
-      - "traefik.http.middlewares.phantom-token.forwardauth.authRequestHeaders=Authorization,X-Api-Key"
+      - "traefik.http.middlewares.phantom-token.forwardauth.authRequestHeaders=Authorization,Cookie,X-Api-Key"
       - "traefik.http.middlewares.phantom-token.forwardauth.authResponseHeaders=Authorization"
     command: fastapi dev scanner --host 0.0.0.0 --port 4389
     develop:
diff --git a/docker-compose.yml b/docker-compose.yml
index 1c561b17..b8cd7c5e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -19,7 +19,7 @@ x-transcoder: &transcoder-base
     - "traefik.http.routers.transcoder.rule=PathPrefix(`/video`)"
     - "traefik.http.routers.transcoder.middlewares=phantom-token"
     - "traefik.http.middlewares.phantom-token.forwardauth.address=http://auth:4568/auth/jwt"
-    - "traefik.http.middlewares.phantom-token.forwardauth.authRequestHeaders=Authorization,X-Api-Key"
+    - "traefik.http.middlewares.phantom-token.forwardauth.authRequestHeaders=Authorization,Cookie,X-Api-Key"
     - "traefik.http.middlewares.phantom-token.forwardauth.authResponseHeaders=Authorization"
 
 services:
@@ -64,7 +64,7 @@ services:
       - "traefik.http.routers.api.rule=PathPrefix(`/api/`) || PathPrefix(`/swagger`)"
       - "traefik.http.routers.api.middlewares=phantom-token"
       - "traefik.http.middlewares.phantom-token.forwardauth.address=http://auth:4568/auth/jwt"
-      - "traefik.http.middlewares.phantom-token.forwardauth.authRequestHeaders=Authorization,X-Api-Key"
+      - "traefik.http.middlewares.phantom-token.forwardauth.authRequestHeaders=Authorization,Cookie,X-Api-Key"
       - "traefik.http.middlewares.phantom-token.forwardauth.authResponseHeaders=Authorization"
 
   scanner:
@@ -86,7 +86,7 @@ services:
       - "traefik.http.routers.scanner.rule=PathPrefix(`/scanner/`)"
       - "traefik.http.routers.scanner.middlewares=phantom-token"
       - "traefik.http.middlewares.phantom-token.forwardauth.address=http://auth:4568/auth/jwt"
-      - "traefik.http.middlewares.phantom-token.forwardauth.authRequestHeaders=Authorization,X-Api-Key"
+      - "traefik.http.middlewares.phantom-token.forwardauth.authRequestHeaders=Authorization,Cookie,X-Api-Key"
       - "traefik.http.middlewares.phantom-token.forwardauth.authResponseHeaders=Authorization"
 
   transcoder: