diff --git a/packages/server/src/middleware/authenticated.js b/packages/server/src/middleware/authenticated.js
index f606ec6239..497c24699d 100644
--- a/packages/server/src/middleware/authenticated.js
+++ b/packages/server/src/middleware/authenticated.js
@@ -23,12 +23,10 @@ module.exports = async (ctx, next) => {
     appId = cookieAppId
   }
 
-  let token
-  if (isClient(ctx)) {
-    ctx.auth.authenticated = AuthTypes.APP
-    token = ctx.cookies.get(getCookieName(appId))
-  } else {
-    ctx.auth.authenticated = AuthTypes.BUILDER
+  let token = ctx.cookies.get(getCookieName(appId))
+  let authType = AuthTypes.APP
+  if (!token && !isClient(ctx)) {
+    authType = AuthTypes.BUILDER
     token = ctx.cookies.get(getCookieName())
   }
 
@@ -44,6 +42,7 @@ module.exports = async (ctx, next) => {
   }
 
   try {
+    ctx.auth.authenticated = authType
     const jwtPayload = jwt.verify(token, ctx.config.jwtSecret)
     ctx.appId = appId
     ctx.auth.apiKey = jwtPayload.apiKey