diff --git a/internal/session/auth.go b/internal/session/auth.go
index e98c755f..99725cee 100644
--- a/internal/session/auth.go
+++ b/internal/session/auth.go
@@ -27,12 +27,6 @@ func (manager *SessionManagerCtx) Authenticate(r *http.Request) (types.Session,
 }
 
 func getToken(r *http.Request) (string, bool) {
-	// get from Cookie
-	cookie, err := r.Cookie("NEKO_SESSION")
-	if err == nil {
-		return cookie.Value, true
-	}
-
 	// get from Header
 	reqToken := r.Header.Get("Authorization")
 	splitToken := strings.Split(reqToken, "Bearer ")
@@ -40,6 +34,12 @@ func getToken(r *http.Request) (string, bool) {
 		return strings.TrimSpace(splitToken[1]), true
 	}
 
+	// get from Cookie
+	cookie, err := r.Cookie("NEKO_SESSION")
+	if err == nil {
+		return cookie.Value, true
+	}
+
 	// get from URL
 	token := r.URL.Query().Get("token")
 	if token != "" {