diff --git a/.gitignore b/.gitignore
index 87049b6..9166dcc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,4 +5,5 @@ __pycache__/
 *.py[cod]
 celerybeat-schedule
 backend/static
+backend/media
 bot/logs.log
diff --git a/backend/media/products/1003345981.jpg b/backend/media/products/1003345981.jpg
deleted file mode 100644
index 3113c7f..0000000
Binary files a/backend/media/products/1003345981.jpg and /dev/null differ
diff --git a/batcher/app/src/dependencies.py b/batcher/app/src/dependencies.py
index b1356ff..e6e7677 100644
--- a/batcher/app/src/dependencies.py
+++ b/batcher/app/src/dependencies.py
@@ -4,11 +4,12 @@ import base64
 import hashlib
 import json
 from fastapi import Header, HTTPException
+from typing import Tuple
 from .config import TG_TOKEN
-async def get_token_header(authorization: str = Header()) -> (int, str):
+async def get_token_header(authorization: str = Header()) -> Tuple[int, str]:
 if not authorization:
 raise HTTPException(status_code=403, detail='Unauthorized')
@@ -48,5 +49,4 @@ async def get_token_header(authorization: str = Header()) -> (int, str):
 raise HTTPException(status_code=403, detail='Unauthorized')
 user_info = json.loads(data_dict['user'])
- return user_info['id'], authorization
-
+ return user_info['id'], token
diff --git a/batcher/app/src/domain/click/usecase.py b/batcher/app/src/domain/click/usecase.py
index ae65cf7..3e42047 100644
--- a/batcher/app/src/domain/click/usecase.py
+++ b/batcher/app/src/domain/click/usecase.py
@@ -5,6 +5,8 @@ import aiohttp
 import redis.asyncio as redis
 import aio_pika
 import asyncpg
+import base64
+from fastapi.exceptions import HTTPException
 from app.src.domain.setting import get_setting
 from .repos.redis import (
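Review bot: The new `return user_info['id'], token` in `get_token_header` changes what callers receive as the second tuple element, but `token` is bound in the part of the body that lies outside this hunk, so its relationship to the raw `authorization` header is not visible here and the function has no docstring stating it. Since the returned value is what `check_energy` later passes as `_token` and compares against the stored session, any normalisation applied to `token` affects session matching, which is worth documenting. I would add a docstring such as `"""Validate the Telegram auth header and return (user_id, token); token is the credential the caller stores as the user session."""` above the body, with a one-line note on how `token` is derived from `authorization` if that derivation is more than a prefix strip. `get_token_header` starts before this hunk and its validation steps are not shown.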
@@ -103,8 +105,14 @@ async def _has_any_clicks(r: redis.Redis, user_id: int) -> bool:
 async def _get_refresh_energy(r: redis.Redis, user_id: int, req_token: str) -> int:
+ new_auth_date = _auth_date_from_token(req_token)
 current_token = await get_user_session(r, user_id)
 if current_token != req_token:
+ if current_token is not None:
+ last_auth_date = _auth_date_from_token(current_token)
+ session_cooldown = get_setting('SESSION_COOLDOWN')
+ if new_auth_date - last_auth_date < session_cooldown:
+ raise HTTPException(status_code=403, detail='Unauthorized')
 session_energy = int(get_setting('SESSION_ENERGY'))
 await set_user_session(r, user_id, req_token)
 await set_energy(r, user_id, session_energy)
@@ -112,6 +120,12 @@ async def _get_refresh_energy(r: redis.Redis, user_id: int, req_token: str) -> i
 else:
 return await r_get_energy(r, user_id)
+def _auth_date_from_token(token):
+ split_res = base64.b64decode(token).decode('utf-8').split(':')
+ data_check_string = ':'.join(split_res[:-1]).strip().replace('/', '\\/')
+ data_dict = dict([x.split('=') for x in data_check_string.split('\n')])
+ return int(data_dict['auth_date'])
+
 async def check_energy(r: redis.Redis, user_id: int, amount: int, _token: str) -> Tuple[int, int]:
 _energy = await _get_refresh_energy(r, user_id, _token)
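Review bot: `session_cooldown = get_setting('SESSION_COOLDOWN')` is used in an integer comparison on the next line without the `int()` wrapper that `SESSION_ENERGY` gets two lines below; if `get_setting` returns strings, as that wrapper suggests, `new_auth_date - last_auth_date < session_cooldown` raises TypeError and the request fails with a 500 rather than the intended 403. Change it to `session_cooldown = int(get_setting('SESSION_COOLDOWN'))`. A secondary point: `new_auth_date = _auth_date_from_token(req_token)` runs before the `current_token != req_token` test, so the token is decoded on every call even when the session is unchanged; moving it under the `if` avoids that. A one-line comment above the new check, e.g. `# a new session refills energy, so refuse re-auth within SESSION_COOLDOWN of the recorded auth_date`, would record why the 403 is raised. `_get_refresh_energy` continues past the end of this hunk (its `else` branch is in the next hunk).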
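Review bot: `x.split('=')` in `_auth_date_from_token` has no maxsplit, so any `key=value` pair whose value itself contains `=` (the `user` field is a JSON blob, per `json.loads(data_dict['user'])` in dependencies.py, and may carry one) yields a three-item list and `dict()` raises ValueError, which surfaces as a 500 on every click for that user; use `x.split('=', 1)`. The helper also lacks annotations and a docstring: `def _auth_date_from_token(token: str) -> int:` with a docstring noting that it only extracts the `auth_date` field and performs no signature check, so it must only be fed tokens that `get_token_header` has already validated, which I take to be the case for both `req_token` and the stored session token but cannot confirm from this hunk. The decoding steps here (base64, split on `:`, drop the last segment, parse `key=value` lines) appear to duplicate the parsing inside `get_token_header`; sharing one parser would keep the two from drifting apart.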