diff --git a/backend/app/middlewares/mid_auth.go b/backend/app/middlewares/mid_auth.go
index 83b4089..4552da5 100644
--- a/backend/app/middlewares/mid_auth.go
+++ b/backend/app/middlewares/mid_auth.go
@@ -29,6 +29,11 @@ func (f *Middlewares) Auth(ctx fiber.Ctx) error {
 return ctx.Next()
 }
+ // check is XMLHttpRequest
+ if ctx.XHR() {
+ return ctx.SendStatus(fiber.StatusUnauthorized)
+ }
+
 fullUrl := utils.FullURI(ctx)
 u, err := url.Parse(fullUrl)
 if err != nil {
diff --git a/frontend/wechat/src/api/client.js b/frontend/wechat/src/api/client.js
index 8231b3b..368edc0 100644
--- a/frontend/wechat/src/api/client.js
+++ b/frontend/wechat/src/api/client.js
@@ -4,6 +4,7 @@ import axios from 'axios';
 const client = axios.create({
 baseURL: '/v1',
 timeout: 10000,
+ withCredentials: true,
 headers: {
 'Content-Type': 'application/json',
 }
@@ -27,6 +28,12 @@ client.interceptors.response.use(
 error => {
 // Handle HTTP errors here
 if (error.response) {
+ // Handle 401 Unauthorized error
+ if (error.response.status === 401) {
+ const redirectUrl = encodeURIComponent(window.location.href);
+ window.location.href = `/v1/auth/wechat?redirect=${redirectUrl}`;
+ return;
+ }
 // Server responded with error status
 console.error('API Error:', error.response.status, error.response.data);
 } else if (error.request) {
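Review bot: The `ctx.XHR()` branch only fires when the caller sends `X-Requested-With: XMLHttpRequest`, which axios does not add by default, and the `headers` block in the client.js hunk of this commit sets only `Content-Type`. Unless that header is attached elsewhere, unauthenticated API calls would still reach the URL-building code below (presumably the login redirect) and the new 401 handler in client.js would not run; adding `'X-Requested-With': 'XMLHttpRequest',` to the axios `headers` would line the two sides up. Since the header is client-controlled, it should stay a response-format hint and never gate access, which holds here because both outcomes refuse the request. The comment could state the reason, e.g. `// XHR callers cannot follow the login redirect; answer 401 and let the client start the flow`. Auth's body starts and ends outside the hunk.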
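Review bot: The bare `return;` in the 401 branch makes the error interceptor resolve with `undefined`, so any caller's `.then` will run on a missing response while the page is navigating away; `return Promise.reject(error);` keeps the failure on the rejection path. The `redirect` parameter carries the full `window.location.href`, so the `/v1/auth/wechat` handler (not shown here) has to restrict the post-login target to this origin or an allow-list; sending only a relative target, `encodeURIComponent(window.location.pathname + window.location.search)`, makes that check simple on the server. There is also no guard against a loop if the API keeps answering 401 after the login round-trip. The interceptor's body continues outside the hunk.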