diff --git a/core/maingate.go b/core/maingate.go
index ea374aa..35e37b5 100644
--- a/core/maingate.go
+++ b/core/maingate.go
@@ -74,6 +74,7 @@ func SessionTTL() time.Duration {
 type maingateConfig struct {
 	session.SessionConfig `json:",inline"`
+	MustUseChecksum bool `json:"maingate_must_checksum"`
 	Mongo string `json:"maingate_mongodb_url"`
 	Autologin_ttl int64 `json:"autologin_ttl"`
 	MaximumNumLinkAccount int64 `json:"maximum_num_link_account"`
@@ -407,6 +408,7 @@ func (mg *Maingate) RegisterHandlers(ctx context.Context, serveMux *http.ServeMu
 	if len(allServices) > 0 {
 		only := allServices[0]
 		only.prepare(mg)
+		only.mustUseChecksum = config.MustUseChecksum
 		atomic.StorePointer(&mg.serviceptr, unsafe.Pointer(only))
 	} else {
diff --git a/core/service.go b/core/service.go
index 34c1d53..af19661 100644
--- a/core/service.go
+++ b/core/service.go
@@ -2,6 +2,8 @@ package core
 
 import (
 	"context"
+	"crypto/md5"
+	"encoding/hex"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -113,6 +115,7 @@ type serviceDescription struct {
 	divisionsSerialized []byte
 	serviceSerialized []byte
 	divisionsSplits map[string][]byte
+	mustUseChecksum bool
 }
 
 func (sh *serviceDescription) isValidToken(apiToken primitive.ObjectID) bool {
@@ -613,7 +616,23 @@ func (sh *serviceDescription) authorize(w http.ResponseWriter, r *http.Request)
 	queryvals := r.URL.Query()
 	authtype := queryvals.Get("type")
 	uid := queryvals.Get("id")
-	if sk := queryvals.Get("sk"); len(sk) > 0 {
+	sk := queryvals.Get("sk")
+
+	checksum := r.Header.Get("AS-X-CHECKSUM")
+	if len(checksum) > 0 || sh.mustUseChecksum {
+		nonce := queryvals.Get("nonce")
+		cookie := r.Header.Get("Cookie")
+
+		h := md5.New()
+		h.Write([]byte(cookie + nonce + sk))
+
+		if checksum != hex.EncodeToString(h.Sum(nil)) {
+			w.WriteHeader(http.StatusBadRequest)
+			return
+		}
+	}
+
+	if len(sk) > 0 {
 		success, err := sh.sessionProvider.Touch(sk)
 		if err != nil {
 			logger.Error("authorize failed. sessionProvider.Touch err:", err)
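Review bot: `MustUseChecksum` is an exported config field with no doc comment, and since it decides whether `authorize` rejects requests outright, its effect should be stated where operators reading the config struct will see it; a line such as `// MustUseChecksum, when true, makes authorize reject every request whose AS-X-CHECKSUM header does not match.` above the field would do. The same applies to the unexported `mustUseChecksum` field added to `serviceDescription` in the second hunk of core/service.go, which could carry `// mustUseChecksum forces checksum validation even when the header is absent.`. Both struct definitions extend beyond their hunks.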
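Review bot: The flag is copied onto `only` only in the `len(allServices) > 0` branch, after `only.prepare(mg)`; if the `else` branch (outside the hunk) also builds a `serviceDescription`, that one keeps the zero value `false` and the configured check is silently skipped on that path. That is worth confirming, or the assignment could move into `prepare` so every service picks the setting up in one place. The enclosing `RegisterHandlers` body continues beyond the hunk.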
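Review bot: The value compared at `if checksum != hex.EncodeToString(h.Sum(nil))` is an unkeyed MD5 of three values (`Cookie` header, `nonce`, `sk`) that all travel in the same request, so any party able to send or alter the request can also compute a matching `AS-X-CHECKSUM`; it detects accidental corruption but does not authenticate the caller, and `nonce` is read but never stored or checked, so it adds no replay protection either. If the intent is request authentication, compute an HMAC over the same fields with a server-held secret (`hmac.New(sha256.New, key)`, with a delimiter between the fields so `cookie + nonce + sk` cannot be re-split across field boundaries), and compare with `if !hmac.Equal([]byte(checksum), []byte(hex.EncodeToString(h.Sum(nil)))) {` so the check runs in constant time. A rejected checksum currently returns 400 with no log line, unlike the `Touch` failure just below; `logger.Error("authorize failed. checksum mismatch, id:", uid)` before the `return` keeps failed checks visible to operators. The enclosing `authorize` starts before the hunk and continues after it.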
@@ -723,7 +742,7 @@ func (sh *serviceDescription) authorize(w http.ResponseWriter, r *http.Request)
 		return
 	}
 
-	sk, err := sh.sessionProvider.New(&session.Authorization{
+	sk, err = sh.sessionProvider.New(&session.Authorization{
 		Account: accid,
 		Platform: authtype,
 		Uid: uid,
diff --git a/go.mod b/go.mod
index 6db0c96..0c973e3 100644
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,7 @@ require (
 	github.com/golang-jwt/jwt v3.2.2+incompatible
 	go.mongodb.org/mongo-driver v1.11.7
 	google.golang.org/api v0.128.0
-	repositories.action2quare.com/ayo/gocommon v0.0.0-20240201092859-c71a74762de7
+	repositories.action2quare.com/ayo/gocommon v0.0.0-20240329000615-564827dd9c5b
 )
 
 require (
diff --git a/go.sum b/go.sum
index c18837e..a16254d 100644
--- a/go.sum
+++ b/go.sum
@@ -270,3 +270,5 @@ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 repositories.action2quare.com/ayo/gocommon v0.0.0-20240201092859-c71a74762de7 h1:ikDwKNiRXJlIBueAVmp9p2To+lRN9zTzGSvVHCXgFnI=
 repositories.action2quare.com/ayo/gocommon v0.0.0-20240201092859-c71a74762de7/go.mod h1:Gb418rT96M3K7L/XMPzp8IJj4UXVunq7dZzrxsMBz/8=
+repositories.action2quare.com/ayo/gocommon v0.0.0-20240329000615-564827dd9c5b h1:7eeSfrMutg4YjvlWfDpQm7n/Rxb4zg7TC7x/xHf065c=
+repositories.action2quare.com/ayo/gocommon v0.0.0-20240329000615-564827dd9c5b/go.mod h1:Gb418rT96M3K7L/XMPzp8IJj4UXVunq7dZzrxsMBz/8=
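Review bot: `sk, err = sh.sessionProvider.New(...)` now reuses the `sk` declared from the query string in the earlier hunk, so from this line on the client-supplied value is replaced by the freshly issued key; a comment such as `// sk now holds the newly issued session key, replacing the client-supplied one` would make that handoff explicit. The change from `:=` to `=` also assumes an `err` already declared earlier in `authorize`, which lies outside the hunk. The enclosing function starts before the hunk and continues after it.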