diff --git a/src/api/service/auth-service/index.ts b/src/api/service/auth-service/index.ts index 364062cc..657e0f22 100644 --- a/src/api/service/auth-service/index.ts +++ b/src/api/service/auth-service/index.ts @@ -11,7 +11,7 @@ import { export const authServiceRemote = () => ({ // 로그인 login: async (payload: LoginRequest) => { - const data = await api.post('/auth/login', payload); + const data = await api.post('/auth/login', payload, { withCredentials: true }); setAccessToken(data.accessToken, data.expiresIn); return data; @@ -22,7 +22,7 @@ export const authServiceRemote = () => ({ // 로그아웃 logout: async () => { - await api.post('/auth/logout'); + await api.post('/auth/logout', null, { withCredentials: true }); clearAccessToken(); }, @@ -40,7 +40,7 @@ export const authServiceRemote = () => ({ // 회원 탈퇴 withdraw: async () => { - await api.delete('/auth/withdraw'); + await api.delete('/auth/withdraw', { withCredentials: true }); clearAccessToken(); }, }); diff --git a/src/lib/auth/token.ts b/src/lib/auth/token.ts index 2b2f49e7..f6d4c516 100644 --- a/src/lib/auth/token.ts +++ b/src/lib/auth/token.ts @@ -3,7 +3,11 @@ const ACCESS_TOKEN_KEY = 'accessToken'; export const setAccessToken = (token: string, maxAgeSeconds?: number) => { if (typeof document === 'undefined') return; - const parts = [`${ACCESS_TOKEN_KEY}=${encodeURIComponent(token)}`, 'path=/']; + const parts = [ + `${ACCESS_TOKEN_KEY}=${encodeURIComponent(token)}`, + 'path=/', + 'domain=.wego.monster', + ]; if (typeof maxAgeSeconds === 'number' && maxAgeSeconds > 0) { parts.push(`Max-Age=${maxAgeSeconds}`); diff --git a/src/proxy.ts b/src/proxy.ts new file mode 100644 index 00000000..12169813 --- /dev/null +++ b/src/proxy.ts 
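Review bot: The `{ withCredentials: true }` added to the login call makes the browser send and accept cookies on a cross-origin request, and the logout and withdraw hunks below add the same option, so these state-changing endpoints are now called with ambient cookies (presumably the refresh-token cookie). If the server authenticates logout or withdraw by cookie alone, which is not visible here, that cookie needs a SameSite attribute or the endpoints need a CSRF check, and the CORS policy has to name the allowed origin explicitly instead of reflecting any origin. The option is also repeated on each call; setting it once where `api` is created would keep a future auth call from silently missing it. A comment such as `// sends cookies cross-origin; server must restrict the CORS origin` on the login call would record why the flag is there.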
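Review bot: `domain=.wego.monster` is hard-coded in `setAccessToken`, and this diff shows no matching change to `clearAccessToken`. A cookie written with a Domain attribute is only removed by a write carrying the same Domain and Path, so if the clear helper still omits it, logout and withdraw would leave the access token in the browser. The fixed domain also means the browser will refuse the cookie on localhost or any other host, and it exposes a script-readable token to every subdomain, so the attribute list should gain `'Secure'` and `'SameSite=Lax'` unless they are pushed after the hunk ends. I would keep the value in one constant shared by both helpers, e.g. `const COOKIE_DOMAIN = '.wego.monster';`, and push the `domain=` part only when the current host falls under it. The function body continues past the hunk.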
@@ -0,0 +1,28 @@
+import { NextRequest, NextResponse } from 'next/server';
+
+export default async function proxy(request: NextRequest) {
+ const accessToken = request.cookies.get('accessToken');
+ const refreshToken = request.cookies.get('refreshToken');
+
+ const protectedPaths = ['/mypage', '/post-meetup', '/message', '/schedule'];
+ const isProtected = protectedPaths.some((path) => request.nextUrl.pathname.startsWith(path));
+
+ // 보호되지 않은 경로는 그냥 통과
+ if (!isProtected) {
+ return NextResponse.next();
+ }
+
+ // 둘 다 없으면 로그인 페이지로 redirect
+ if (!accessToken && !refreshToken) {
+ const loginUrl = new URL('/login', request.url);
+ loginUrl.searchParams.set('error', 'unauthorized');
+ loginUrl.searchParams.set('path', request.nextUrl.pathname);
+ return NextResponse.redirect(loginUrl);
+ }
+
+ return NextResponse.next();
+}
+
+export const config = {
+ matcher: ['/((?!api|_next/static|_next/image|favicon.ico|login|signup).*)'],
+};
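Review bot: The guard in `proxy` only tests that an `accessToken` or `refreshToken` cookie exists, so any value, including an expired or made-up one, passes through to the protected pages. This is a navigation gate, not an authorization check, and the code should say so. I would add `// presence check only: tokens are not verified here, the API must reject invalid ones` above the `if (!accessToken && !refreshToken)` line. The prefix test also matches unrelated paths (`/message` matches a path like `/messages`); `pathname === path || pathname.startsWith(path + '/')` keeps it to whole segments. The `path` query parameter handed to `/login` should be accepted by the login page only as a same-origin relative path.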