diff --git a/server/Cargo.lock b/server/Cargo.lock index 4343b75..f8708da 100644 --- a/server/Cargo.lock +++ b/server/Cargo.lock @@ -138,6 +138,7 @@ dependencies = [ "axum", "axum-core", "bytes", + "cookie", "futures-util", "headers", "http", @@ -284,6 +285,17 @@ version = "0.9.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" +[[package]] +name = "cookie" +version = "0.18.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4ddef33a339a91ea89fb53151bd0a4689cfce27055c291dfa69945475d22c747" +dependencies = [ + "percent-encoding", + "time", + "version_check", +] + [[package]] name = "core-foundation-sys" version = "0.8.7" @@ -406,6 +418,15 @@ dependencies = [ "zeroize", ] +[[package]] +name = "deranged" +version = "0.3.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b42b6fa04a440b495c8b04d0e71b707c585f83cb9cb28cf8cd0d976c315e31b4" +dependencies = [ + "powerfmt", +] + [[package]] name = "digest" version = "0.10.7" @@ -1132,6 +1153,12 @@ dependencies = [ "zeroize", ] +[[package]] +name = "num-conv" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9" + [[package]] name = "num-integer" version = "0.1.46" @@ -1277,6 +1304,12 @@ version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "953ec861398dccce10c670dfeaf3ec4911ca479e9c02154b3a215178c5f566f2" +[[package]] +name = "powerfmt" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391" + [[package]] name = "ppv-lite86" version = "0.2.20" 
@@ -1926,6 +1959,37 @@ dependencies = [ "once_cell", ] +[[package]] +name = "time" +version = "0.3.37" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "35e7868883861bd0e56d9ac6efcaaca0d6d5d82a2a7ec8209ff492c07cf37b21" +dependencies = [ + "deranged", + "itoa", + "num-conv", + "powerfmt", + "serde", + "time-core", + "time-macros", +] + +[[package]] +name = "time-core" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3" + +[[package]] +name = "time-macros" +version = "0.2.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2834e6017e3e5e4b9834939793b282bc03b37a3336245fa820e35e233e2a85de" +dependencies = [ + "num-conv", + "time-core", +] + [[package]] name = "tinystr" version = "0.7.6" diff --git a/server/Cargo.toml b/server/Cargo.toml index 63482ce..3045a6d 100644 --- a/server/Cargo.toml +++ b/server/Cargo.toml @@ -6,7 +6,7 @@ edition = "2021" [dependencies] # Primary crates axum = { version = "0.8", features = [ "macros", "json" ] } -axum-extra = { version = "0.10.0", features = [ "typed-header" ] } +axum-extra = { version = "0.10.0", features = [ "typed-header", "cookie" ] } tokio = { version = "1.43", features = [ "rt-multi-thread", "macros" ] } sqlx = { version = "0.8", features = [ "runtime-tokio", "postgres", "uuid", "chrono" ] } diff --git a/server/src/auth.rs b/server/src/auth.rs index 5ff316d..7aec995 100644 --- a/server/src/auth.rs +++ b/server/src/auth.rs 
@@ -4,8 +4,13 @@ use argon2::{
 password_hash::{rand_core::OsRng, PasswordHasher, SaltString},
 Argon2, PasswordHash, PasswordVerifier,
 };
-use axum::{extract::FromRequestParts, http::request::Parts, RequestPartsExt};
+use axum::{
+ extract::FromRequestParts,
+ http::{request::Parts, StatusCode},
+ RequestPartsExt,
+};
 use axum_extra::{
+ extract::cookie::{Cookie, CookieJar},
 headers::{authorization::Bearer, Authorization},
 typed_header::TypedHeaderRejectionReason,
 TypedHeader,
@@ -51,6 +56,16 @@ where
 },
 };

+ match parts.extract::().await {
+ Ok(jar) => {
+ if let Some(session_token) = jar.get("session_token") {
+ // TODO: Implement function to retrieve user permissions
+ tracing::info!("{session_token:?}")
+ }
+ }
+ Err(_) => (),
+ }
+
 Err(AuthError::Unauthorized.into())
 }
 }
diff --git a/server/src/database/model/session.rs b/server/src/database/model/session.rs
index 2a1af46..ce551df 100644
--- a/server/src/database/model/session.rs
+++ b/server/src/database/model/session.rs
@@ -1,5 +1,5 @@
 use chrono::{DateTime, Utc};
-use sqlx::Postgres;
+use sqlx::{PgPool, Postgres};

 pub struct Session {
 pub session_id: uuid::Uuid,
@@ -34,4 +34,12 @@ impl Session {

 Ok(())
 }
+
+ pub async fn from_token(transaction: &PgPool, token: &str) -> Result {
+ let session = sqlx::query_as!(Self, "SELECT * FROM sessions WHERE token = $1;", token)
+ .fetch_one(transaction)
+ .await?;
+
+ Ok(session)
+ }
 }
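Review bot: The `tracing::info!("{session_token:?}")` line in the new cookie branch writes the Debug form of the session cookie, value included, to the application log at info level, so a live credential ends up wherever the logs are shipped or retained. Until the lookup behind the TODO exists, log only that the cookie was seen, e.g. `tracing::debug!("session_token cookie present");`. The `Err(_) => ()` arm discards an extraction failure without a trace; if the extractor is `CookieJar` (the type argument is not visible on this page) its rejection is `Infallible` and the `match` can be replaced by binding the jar directly. The enclosing function starts above this hunk, so how the earlier bearer-token branch returns cannot be checked from here.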
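Review bot: `from_token` accepts any row whose `token` matches; the query carries no expiry or revocation condition, so unless every caller checks the returned `Session` itself an expired session would still authenticate. If the table has an expiry column (the struct's remaining fields are outside this hunk), filter in SQL, for example `WHERE token = $1 AND <expiry_column> > now()`. `fetch_one` also reports an unknown token as `sqlx::Error::RowNotFound`, which a caller cannot tell apart from a database failure without matching on the error; `fetch_optional` with an `Option` in the return type makes "no such session" an ordinary result. The parameter is named `transaction` but is a `&PgPool`, so `pool` would match the type. A doc comment on the function should state whether the stored `token` is the raw cookie value or a hash of it.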