token should set as cookie and should refresh the access token via a refresh route.
token should set as cookie and should refresh the access token via a refresh route.