diff --git a/src/app.module.ts b/src/app.module.ts
index 3eda3291..a708405b 100644
--- a/src/app.module.ts
+++ b/src/app.module.ts
@@ -204,9 +204,8 @@ export async function AppModule(context: Map<string, any>) {
     session({
       secret: configService.get<string>('SESSION_SECRET'),
       resave: false,
-      saveUninitialized: true,
+      saveUninitialized: false,
       name: 'codechat.api.sid',
-      cookie: { secure: true },
     }),
   );
 
diff --git a/src/guards/auth.guard.ts b/src/guards/auth.guard.ts
index 1432bcdf..81b031b1 100644
--- a/src/guards/auth.guard.ts
+++ b/src/guards/auth.guard.ts
@@ -73,6 +73,10 @@ export class JwtGuard {
       );
     }
 
+    if (req.originalUrl.includes('/instance/qrcode')) {
+      return next();
+    }
+
     const jwtOpts = this.configService.get<Auth>('AUTHENTICATION').JWT;
     try {
       const [bearer, token] = req.get('authorization')?.split(' ');
diff --git a/src/guards/instance.guard.ts b/src/guards/instance.guard.ts
index 4cd3e7c8..83c891d1 100644
--- a/src/guards/instance.guard.ts
+++ b/src/guards/instance.guard.ts
@@ -50,7 +50,6 @@ import { InstanceDto } from '../whatsapp/dto/instance.dto';
 import { WAMonitoringService } from '../whatsapp/services/monitor.service';
 import { RedisCache } from '../cache/redis';
 import 'express-async-errors';
-import { InstanceController } from '../whatsapp/controllers/instance.controller';
 
 async function fetchInstanceFromCache(
   instanceName: string,
@@ -98,7 +97,9 @@ export class InstanceGuard {
 
     if (
       req.originalUrl.includes('/instance/create') ||
-      req.originalUrl.includes('/instance/fetchInstances')
+      req.originalUrl.includes('/instance/fetchInstances') ||
+      req.originalUrl.includes('/instance/qrcode') ||
+      req.originalUrl.includes('/instance/connect')
     ) {
       return next();
     }
diff --git a/src/whatsapp/controllers/views.controller.ts b/src/whatsapp/controllers/views.controller.ts
index 80c99b9c..2645612e 100644
--- a/src/whatsapp/controllers/views.controller.ts
+++ b/src/whatsapp/controllers/views.controller.ts
@@ -53,7 +53,7 @@ export class ViewsController {
     try {
       const param = request.params as unknown as InstanceDto;
       const instance = this.waMonit.waInstances[param.instanceName];
-      if (instance.connectionStatus.state === 'open') {
+      if (instance?.connectionStatus.state === 'open') {
         throw new BadRequestException('The instance is already connected');
       }
 
@@ -71,9 +71,8 @@ export class ViewsController {
 
       return response.status(HttpStatus.OK).render('qrcode', {
         ...param,
-        type: 'jwt',
         auth,
-        connectionState: instance.connectionStatus.state,
+        connectionState: instance?.connectionStatus.state || 'close',
       });
     } catch (error) {
       console.log('ERROR: ', error);
diff --git a/views/qrcode.hbs b/views/qrcode.hbs
index fcb59d62..f4bac69f 100644
--- a/views/qrcode.hbs
+++ b/views/qrcode.hbs
@@ -48,9 +48,7 @@
 
       $('#gen-qrcode').click(() => {
 
-         const headers = '{{type}}' === 'apikey'
-            ? { apikey: '{{auth.apikey}}' }
-            : { authorization: 'Bearer {{auth.jwt}}' };
+         const headers = { authorization: 'Bearer {{auth.token}}' }
 
          $.ajax({
             url: `/instance/connect/{{instanceName}}`,