diff --git a/app/controllers/api/v1/sessions_controller.rb b/app/controllers/api/v1/sessions_controller.rb
index ed739e5863..1b076beed7 100644
--- a/app/controllers/api/v1/sessions_controller.rb
+++ b/app/controllers/api/v1/sessions_controller.rb
@@ -32,8 +32,8 @@ def refresh
 if current_user.present?
 token = payload(current_user)
 set_response_cookie(token)
- participants = adminset_permissions(user)
- user_type = user_roles(user)
+ participants = adminset_permissions(current_user)
+ user_type = user_roles(current_user)
 render json: current_user.slice(:email).merge({participants: participants, type: user_type })
 else
 user_error
diff --git a/app/controllers/concerns/ubiquity/devise_hyku_api_session_integration.rb b/app/controllers/concerns/ubiquity/devise_hyku_api_session_integration.rb
new file mode 100644
index 0000000000..c424d813ea
--- /dev/null
+++ b/app/controllers/concerns/ubiquity/devise_hyku_api_session_integration.rb
@@ -0,0 +1,44 @@
+module Ubiquity
+ module DeviseHykuApiSessionIntegration
+ extend ActiveSupport::Concern
+
+ included do
+ after_action :set_api_token , only: [:create]
+ after_action :clear_jwt_token, only: [:destroy]
+ end
+
+ private
+
+ def set_api_token
+ shared_login = helpers.check_for_setting_value_in_tenant_settings("shared_login")
+ if current_user && shared_login.present?
+ expire = 1.hour.from_now
+ token = Ubiquity::Api::JwtGenerator.encode({id: current_user.id, exp: expire})
+ domain = ('.' + request.host)
+
+ response.set_cookie(
+ :jwt,
+ {
+ value: token, expires: expire, path: '/', same_site: :none,
+ domain: domain, secure: true, httponly: true
+ }
+ )
+ end
+ end
+
+ def clear_jwt_token
+ shared_login = helpers.check_for_setting_value_in_tenant_settings("shared_login")
+ if shared_login.present?
+ domain = ('.' + request.host)
+ response.set_cookie(
+ :jwt,
+ {
+ value: '', expires: 10000.hours.ago, path: '/', same_site: :none,
+ domain: domain, secure: true, httponly: true
+ }
+ )
+ end
+ end
+
+ end
+end
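Review bot: In `set_api_token` and `clear_jwt_token` (the new devise_hyku_api_session_integration.rb) the cookie `domain` is built from `request.host`, so the scope of the `jwt` cookie follows whatever Host the login request carried and is then widened to every subdomain of it. Unless host validation happens upstream, which this diff does not show, it would be safer to take the domain from the tenant record or configuration and fall back to a host-only cookie when none is set. The cookie is also `same_site: :none`, so browsers attach it to cross-site requests and the API endpoints that accept it need their own CSRF or Origin check; a comment such as `# SameSite=None: sent cross-site for shared login; API must verify Origin` above `response.set_cookie` would record that dependency. `clear_jwt_token` only expires the cookie, so a token that was already issued stays valid until its `exp` unless `Ubiquity::Api::JwtGenerator` or the decoding side tracks revocation, which is outside this diff.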
diff --git a/config/application.rb b/config/application.rb index ab64c38065..dfdbf0c066 100644 --- a/config/application.rb +++ b/config/application.rb @@ -69,6 +69,7 @@ class Application < Rails::Application Hyrax::UsersController.include(::Ubiquity::UserShowConcern) Hyrax::WorksControllerBehavior.prepend(::Ubiquity::WorksControllerBehaviourOverride) Hyrax::FileSetsController.prepend(::Ubiquity::FileSetsControllerOverride) + Devise::SessionsController.include(::Ubiquity::DeviseHykuApiSessionIntegration) end config.before_initialize do