diff --git a/packages/nc-gui/composables/useApi/interceptors.ts b/packages/nc-gui/composables/useApi/interceptors.ts
index 1ad82f4c3c..aed8f26e4c 100644
--- a/packages/nc-gui/composables/useApi/interceptors.ts
+++ b/packages/nc-gui/composables/useApi/interceptors.ts
@@ -16,6 +16,7 @@ export function addAxiosInterceptors(api: Api) {
 axiosInstance.interceptors.request.use((config) => {
 config.headers['xc-gui'] = 'true'
+ // Add auth header only if signed in and if `xc-short-token` header is not present (for short-lived tokens used for token generation)
 if (state.token.value && !config.headers['xc-short-token']) config.headers['xc-auth'] = state.token.value
 if (!config.url?.endsWith('/user/me') && !config.url?.endsWith('/admin/roles') && state.previewAs?.value) {
diff --git a/packages/nc-gui/middleware/auth.global.ts b/packages/nc-gui/middleware/auth.global.ts
index 74d6819740..9b87f7bdb1 100644
--- a/packages/nc-gui/middleware/auth.global.ts
+++ b/packages/nc-gui/middleware/auth.global.ts
@@ -51,6 +51,7 @@ export default defineNuxtRouteMiddleware(async (to, from) => {
 await tryGoogleAuth(api, state.signIn)
 }
+ /** if not signedIn try token population based on short-lived-token */
 if (!state.signedIn.value) await tryShortTokenAuth(api, state.signIn)
 /** if public allow all visitors */
diff --git a/packages/nocodb/src/controllers/auth/auth.controller.ts b/packages/nocodb/src/controllers/auth/auth.controller.ts
index 70a7a7d269..6e315c39a5 100644
--- a/packages/nocodb/src/controllers/auth/auth.controller.ts
+++ b/packages/nocodb/src/controllers/auth/auth.controller.ts
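Review bot: The added comment in the interceptors.ts hunk says the header is attached "only if signed in", but the guard on the next line tests `state.token.value`, not `state.signedIn` (the flag the auth.global.ts hunk in this same commit checks), so the comment overstates what is actually enforced. Suggest wording it after the condition it documents: `// Attach xc-auth only when a token is held and the request does not already carry xc-short-token (the short-lived token used for token generation)`. The request interceptor callback this line sits in begins before and continues past the hunk.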
@@ -18,12 +18,10 @@ import type { AppConfig } from '~/interface/config';
 import { UsersService } from '~/services/users/users.service';
 import { AppHooksService } from '~/services/app-hooks/app-hooks.service';
-import { randomTokenString, setTokenCookie } from '~/services/users/helpers';
 import { GlobalGuard } from '~/guards/global/global.guard';
 import { NcError } from '~/helpers/catchError';
 import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware';
-import { User } from '~/models';
 import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard';
 import { PublicApiLimiterGuard } from '~/guards/public-api-limiter.guard';
@@ -246,25 +244,6 @@ export class AuthController {
 }
 async setRefreshToken({ res, req }) {
- const userId = req.user?.id;
-
- if (!userId) return;
-
- const user = await User.get(userId);
-
- if (!user) return;
-
- const refreshToken = randomTokenString();
-
- if (!user['token_version']) {
- user['token_version'] = randomTokenString();
- }
-
- await User.update(user.id, {
- refresh_token: refreshToken,
- email: user.email,
- token_version: user['token_version'],
- });
- setTokenCookie(res, refreshToken);
+ await this.usersService.setRefreshToken({ res, req });
 }
 }
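Review bot: In the `setRefreshToken` hunk the method now forwards `{ res, req }` to `this.usersService.setRefreshToken` with no documentation, and the early returns for a missing `req.user?.id` and the `token_version` initialisation that were visible here are gone, so a reader of this file can no longer tell whether an unauthenticated request is still a no-op or whether the cookie is set at all. Add a TSDoc above the method, e.g. `/** Rotates the current user's refresh token and sets the refresh cookie; delegated to UsersService.setRefreshToken, which is presumably expected to no-op when req.user is absent. */`, and confirm the service keeps that guard since the controller no longer does. The destructured `{ res, req }` parameter is untyped (implicit `any` under strict), so annotating it with the framework's request/response types would restore checking on `req.user`. The import hunk above only drops the helpers this body no longer uses; the rest of `AuthController` lies outside the hunk.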