diff --git a/backend/app.js b/backend/app.js
index 23ef938..10e0306 100644
--- a/backend/app.js
+++ b/backend/app.js
@@ -1,4 +1,3 @@
-require("dotenv").config();
 const express = require("express");
 const cors = require("cors");
 const User = require("./models/user.model");
@@ -7,7 +6,7 @@ const app = express();
 app.use(express.json());
 const allowedOrigins = process.env.ALLOWED_ORIGINS.split(",").map(origin => origin.trim());
-console.log("Allowed Origins: ", allowedOrigins);
+console.log("Allowed Origins:", allowedOrigins);
 app.use(
 cors({
 origin: function (origin, callback) {
diff --git a/backend/models/user.model.js b/backend/models/user.model.js
index 298513b..bb212fe 100644
--- a/backend/models/user.model.js
+++ b/backend/models/user.model.js
@@ -17,7 +17,7 @@ exports.createUser = async (username, hashedPassword, name) => {
 const result = await pool.query(
 `INSERT INTO users (username, password, name, role) VALUES ($1, $2, $3, $4)`,
- [username, hashedPassword, name, this.ROLES.EDITOR]
+ [username, hashedPassword, name, this.ROLES.VIEWER]
 );
 return result.rows[0];
 };
diff --git a/frontend/src/api/axios.js b/frontend/src/api/axios.js
index 1a74ee0..dcc8dbe 100644
--- a/frontend/src/api/axios.js
+++ b/frontend/src/api/axios.js
@@ -16,4 +16,17 @@ api.interceptors.request.use((config => {
 return config;
 }));
+api.interceptors.response.use(
+ response => response,
+ error => {
+ if (error.response?.status === 401 &&
+ error.response?.data?.message === "Invalid or expired token") {
+ localStorage.removeItem("token");
+ window.location.href = "/login";
+ alert("Your session has expired. Please log in again.");
+ }
+ return Promise.reject(error);
+ }
+);
+
 export default api;
\ No newline at end of file
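Review bot: `process.env.ALLOWED_ORIGINS.split(",")` in this hunk's context now runs in a file that no longer loads dotenv, since the first hunk removes `require("dotenv").config();`. Unless the environment is populated before app.js is required, which is not visible here, startup fails with a TypeError on an undefined value. Failing closed is the right outcome for a CORS allow-list, but the error should name the cause: `if (!process.env.ALLOWED_ORIGINS) throw new Error("ALLOWED_ORIGINS is not set");` before the split. Appending `.filter(Boolean)` after the `.map(...)` would also keep a trailing comma from putting an empty string on the list; whether that matters depends on the origin callback, which continues past the end of the hunk.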
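Review bot: The default role on the changed line is read through `this.ROLES`, but createUser is an arrow function, so `this` is the module's top-level `this` (normally `module.exports` in CommonJS) and not anything bound at call time. The authorization default would be clearer and less fragile as `exports.ROLES.VIEWER`, assuming ROLES is exported from this file, which is outside the hunk. Separately, the INSERT has no `RETURNING` clause, so `result.rows[0]` is presumably undefined if `pool` is node-postgres; `RETURNING username, name, role` would let callers confirm the role that was actually stored. Accounts created before this change keep the EDITOR role unless they are migrated separately. The function's signature appears only in the hunk header.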
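Review bot: Every response that matches the 401 check runs the whole branch, so a page with several requests in flight when the token expires shows one blocking `alert` per request. A module-level guard avoids that: `let sessionExpired = false;` above the interceptor, then `if (sessionExpired) return Promise.reject(error);` and `sessionExpired = true;` as the first lines of the branch. The branch also depends on the exact string `"Invalid or expired token"`, so a 401 carrying any other message leaves the stale token in localStorage. A short comment naming the backend code that emits this message would help keep the two in sync.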