diff --git a/src/app/db/migrations/1729363922_add_users.sql b/priv/migrations/1729363922_add_users.sql
similarity index 100%
rename from src/app/db/migrations/1729363922_add_users.sql
rename to priv/migrations/1729363922_add_users.sql
diff --git a/src/app/controllers/sessions.gleam b/src/app/controllers/sessions.gleam
index d8b57ed..f3f5978 100644
--- a/src/app/controllers/sessions.gleam
+++ b/src/app/controllers/sessions.gleam
@@ -50,13 +50,7 @@ fn handle_login(req: Request, ctx: config.Context) -> Response {
           // read it when looking for user in auth hook
           wisp.ok()
           |> wisp.json_body(user_serializer.run(user))
-          |> wisp.set_cookie(
-            req,
-            auth.cookie_name,
-            user.email,
-            wisp.Signed,
-            auth.cookie_max_age,
-          )
+          |> auth.set_cookie(req, user)
         }
 
         False -> {
@@ -103,7 +97,9 @@ fn handle_register(req: Request, ctx: config.Context) {
     }
 
     Ok(new_user) -> {
-      wisp.ok() |> wisp.json_body(user_serializer.run(new_user))
+      wisp.ok()
+      |> wisp.json_body(user_serializer.run(new_user))
+      |> auth.set_cookie(req, new_user)
     }
   }
 }
diff --git a/src/app/db/migrator.gleam b/src/app/db/migrator.gleam
index 313734b..2e28c26 100644
--- a/src/app/db/migrator.gleam
+++ b/src/app/db/migrator.gleam
@@ -2,11 +2,14 @@ import app/db/connection
 import app/lib/logger
 import feather
 import feather/migrate as migrator
+import wisp
 
 pub fn migrate_to_latest() {
   logger.info("Fetching migrations...")
 
-  let assert Ok(migrations) = migrator.get_migrations("src/app/db/migrations")
+  let assert Ok(priv_dir) = wisp.priv_directory("okane")
+
+  let assert Ok(migrations) = migrator.get_migrations(priv_dir <> "/migrations")
 
   logger.info("Acquiring connection...")
 
diff --git a/src/app/hooks/auth.gleam b/src/app/hooks/auth.gleam
index 027b0e6..d9a03c2 100644
--- a/src/app/hooks/auth.gleam
+++ b/src/app/hooks/auth.gleam
@@ -9,6 +9,34 @@ pub const cookie_max_age = 604_800
 
 pub const cookie_name = "__session"
 
+pub fn get_cookie(
+  req: wisp.Request,
+  with: fn(String) -> wisp.Response,
+) -> wisp.Response {
+  let cookie_res = wisp.get_cookie(req, cookie_name, wisp.Signed)
+
+  case cookie_res {
+    Ok(c) -> with(c)
+    Error(_) -> {
+      response_helpers.unauthorized()
+      |> wisp.json_body(base_serializer.serialize_error(
+        "Invalid token or token not found",
+      ))
+    }
+  }
+}
+
+pub fn set_cookie(res: wisp.Response, req: wisp.Request, user: user.User) {
+  wisp.set_cookie(
+    res,
+    req,
+    cookie_name,
+    user.email,
+    wisp.Signed,
+    cookie_max_age,
+  )
+}
+
 /// session/auth hook
 /// 1. check if cookie is present
 /// 2. find user if there and put it inside context
@@ -18,22 +46,15 @@ pub fn hook(
   ctx: config.Context,
   handle: fn(config.Context) -> wisp.Response,
 ) -> wisp.Response {
-  wisp.get_cookie(req, cookie_name, wisp.Signed)
+  use user_email <- get_cookie(req)
+
+  user.find_by_email(user_email, ctx.db)
   |> result.map_error(fn(_) {
     response_helpers.unauthorized()
     |> wisp.json_body(base_serializer.serialize_error(
       "Invalid token or token not found",
     ))
   })
-  |> result.try(fn(user_email) {
-    user.find_by_email(user_email, ctx.db)
-    |> result.map_error(fn(_) {
-      response_helpers.unauthorized()
-      |> wisp.json_body(base_serializer.serialize_error(
-        "Invalid token or token not found",
-      ))
-    })
-  })
   |> result.map(fn(user) { config.set_user(ctx, user) |> handle })
   |> result.unwrap_error(wisp.internal_server_error())
 }