diff --git a/core/api.go b/core/api.go
index 847f720..8455e2c 100644
--- a/core/api.go
+++ b/core/api.go
@@ -198,6 +198,9 @@ func (caller apiCaller) blockAPI(w http.ResponseWriter, r *http.Request) error {
 				logger.Println("account is not blocked. err :", err)
 			} else {
 				logger.Println("account is blocked :", meta)
+
+				bi.Accid = accid
+				caller.mg.bl.add(&bi)
 				mg.sessionProvider.Delete(accid)
 			}
 		}
@@ -223,6 +226,8 @@ func (caller apiCaller) blockAPI(w http.ResponseWriter, r *http.Request) error {
 		if err != nil {
 			return err
 		}
+
+		caller.mg.bl.remove(idobj)
 	}
 	return nil
 }
diff --git a/core/member_container.go b/core/member_container.go
index 7259ce8..64f7b05 100644
--- a/core/member_container.go
+++ b/core/member_container.go
@@ -84,24 +84,6 @@ func (p *memberContainerPtr[K, T]) all() []T {
 	return out
 }
 
-func (p *memberContainerPtr[K, T]) contains(key K, out *T) bool {
-	ptr := atomic.LoadPointer(&p.ptr)
-	src := (*map[K]T)(ptr)
-
-	found, exists := (*src)[key]
-	if exists {
-		if found.Expired() {
-			p.remove(key)
-			return false
-		}
-		if out != nil {
-			out = &found
-		}
-		return true
-	}
-	return false
-}
-
 func (p *memberContainerPtr[K, T]) watchCollection(parentctx context.Context, coll gocommon.CollectionName, mc gocommon.MongoClient) {
 	defer func() {
 		s := recover()
diff --git a/core/service.go b/core/service.go
index 8734d77..7a57e4a 100644
--- a/core/service.go
+++ b/core/service.go
@@ -537,11 +537,21 @@ func (sh *serviceDescription) authorize_dev(w http.ResponseWriter, r *http.Reque
 	if r.Method == "DELETE" {
 		sk := r.Header.Get("AS-X-SESSION")
 		if authinfo, err := sh.sessionProvider.Query(sk); err == nil {
+			bt := r.Header.Get("AS-X-BLOCK")
+			if len(bt) > 0 {
+				dur, _ := strconv.ParseInt(bt, 10, 0)
+				sh.bl.add(&blockinfo{
+					Start: primitive.NewDateTimeFromTime(time.Now().UTC()),
+					End:   primitive.NewDateTimeFromTime(time.Now().UTC().Add(time.Second * time.Duration(dur))),
+					Accid: authinfo.Account,
+				})
+			}
 			sh.sessionProvider.Delete(authinfo.Account)
 		}
 
 		return
 	}
+
 	sh.authorize(w, r)
 }
 
@@ -576,8 +586,17 @@ func (sh *serviceDescription) authorize(w http.ResponseWriter, r *http.Request)
 				"expirein": sh.sessionTTL.Seconds(),
 			})
 		} else {
-			logger.Println("sh.sessionProvider.Touch failed :", sk)
+			
 		}
+
+
+		authinfo, _ := sh.sessionProvider.Query(sk)
+		if _, ok := sh.bl.get(authinfo.Account); ok {
+			w.WriteHeader(http.StatusUnauthorized)
+			return
+		}
+
+
 		return
 	}
 
@@ -663,8 +682,7 @@ func (sh *serviceDescription) authorize(w http.ResponseWriter, r *http.Request)
 	oldcreate := account["create"].(primitive.DateTime)
 	newaccount := oldcreate == createtime
 
-	var bi *blockinfo
-	if sh.bl.contains(accid, &bi) {
+	if bi, ok := sh.bl.get(accid); ok {
 		// 블럭된 계정. 블락 정보를 알려준다.
 		w.Header().Add("MG-ACCOUNTBLOCK-START", strconv.FormatInt(bi.Start.Time().Unix(), 10))
 		w.Header().Add("MG-ACCOUNTBLOCK-END", strconv.FormatInt(bi.End.Time().Unix(), 10))
@@ -812,7 +830,7 @@ func (sh *serviceDescription) serveHTTP(w http.ResponseWriter, r *http.Request)
 				}
 
 				wm := &whitelistmember{Email: authInfo.Email, Platform: authInfo.Platform}
-				if sh.wl.contains(wm.Key(), nil) {
+				if _, ok := sh.wl.get(wm.Key()); ok {
 					// qa 권한이면 입장 가능
 					w.Write([]byte(fmt.Sprintf(`{"service":"%s"}`, div.Url)))
 				} else if div.Maintenance != nil {