diff --git a/web/__snapshots__/web.snapshot b/web/__snapshots__/web.snapshot
index 77d14e18..a3161a7f 100644
--- a/web/__snapshots__/web.snapshot
+++ b/web/__snapshots__/web.snapshot
@@ -41,6 +41,18 @@ X-Content-Type-Options: nosniff
 
 Unauthorized
 
+/* snapshot: Test_createRoutes_username_password_valid_session */
+HTTP/1.1 200 OK
+Connection: close
+Cache-Control: no-cache
+Connection: keep-alive
+Content-Security-Policy: default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self'; manifest-src 'self'; connect-src 'self' api.github.com; require-trusted-types-for 'script'
+Content-Type: text/event-stream
+X-Accel-Buffering: no
+
+event: container-stopped
+data: end of stream
+
 /* snapshot: Test_createRoutes_version */
 HTTP/1.1 200 OK
 Connection: close
diff --git a/web/routes_test.go b/web/routes_test.go
index 91dbd689..ed5460de 100644
--- a/web/routes_test.go
+++ b/web/routes_test.go
@@ -13,6 +13,7 @@ import (
 	"os"
 	"strings"
 	"testing"
+	"time"
 
 	"github.com/gorilla/mux"
 	"github.com/magiconair/properties/assert"
@@ -380,6 +381,43 @@ func Test_createRoutes_username_password_login_failed(t *testing.T) {
 	assert.Equal(t, rr.Code, 401)
 }
 
+func Test_createRoutes_username_password_valid_session(t *testing.T) {
+	mockedClient := new(MockedClient)
+	mockedClient.On("FindContainer", "123").Return(docker.Container{ID: "123"}, nil)
+	mockedClient.On("ContainerLogs", mock.Anything, "123", 0).Return(ioutil.NopCloser(strings.NewReader("test data")), io.EOF)
+	handler := createHandler(mockedClient, nil, Config{Base: "/", Username: "amir", Password: "password", Key: "key"})
+
+	// Get cookie first
+	req, err := http.NewRequest("GET", "/api/logs/stream?id=123", nil)
+	require.NoError(t, err, "NewRequest should not return an error.")
+	session, _ := store.Get(req, sessionName)
+	session.Values[authorityKey] = time.Now().Unix()
+	recorder := httptest.NewRecorder()
+	session.Save(req, recorder)
+	cookies := recorder.Result().Cookies()
+
+	// Test with cookie
+	req, err = http.NewRequest("GET", "/api/logs/stream?id=123", nil)
+	require.NoError(t, err, "NewRequest should not return an error.")
+	req.AddCookie(cookies[0])
+	rr := httptest.NewRecorder()
+	handler.ServeHTTP(rr, req)
+	abide.AssertHTTPResponse(t, t.Name(), rr.Result())
+}
+
+func Test_createRoutes_username_password_invalid_session(t *testing.T) {
+	mockedClient := new(MockedClient)
+	mockedClient.On("FindContainer", "123").Return(docker.Container{ID: "123"}, nil)
+	mockedClient.On("ContainerLogs", mock.Anything, "123", 0).Return(ioutil.NopCloser(strings.NewReader("test data")), io.EOF)
+	handler := createHandler(mockedClient, nil, Config{Base: "/", Username: "amir", Password: "password", Key: "key"})
+	req, err := http.NewRequest("GET", "/api/logs/stream?id=123", nil)
+	require.NoError(t, err, "NewRequest should not return an error.")
+	req.AddCookie(&http.Cookie{Name: "session", Value: "baddata"})
+	rr := httptest.NewRecorder()
+	handler.ServeHTTP(rr, req)
+	assert.Equal(t, rr.Code, 401)
+}
+
 func createHandler(client docker.Client, content fs.FS, config Config) *mux.Router {
 	if client == nil {
 		client = new(MockedClient)