diff --git a/wp-content/themes/the-world/functions.php b/wp-content/themes/the-world/functions.php
index 2766e8a7a..6a099ae43 100644
--- a/wp-content/themes/the-world/functions.php
+++ b/wp-content/themes/the-world/functions.php
@@ -104,28 +104,33 @@ function tw_preview_post_link( $preview_link, $post ) {
 	 * @return void
 	 */
 	function tw_init_set_auth_cookie() {
-		$auth        = new WPGraphQL\JWT_Authentication\Auth();
-		$secret_key  = $auth->get_secret_key();
-		$user        = wp_get_current_user();
-		$cookie_name = 'tw-can_preview';
-
-		if ( $user && $secret_key && ! isset( $_COOKIE[ $cookie_name ] ) ) {
-			$hostname = wp_parse_url( get_site_url(), PHP_URL_HOST );
-			// NOTE: Regex assumes front-end domains will use single segment TLD's.
-			$domain = trim( preg_replace( '~.*?\.?((?:\.?[\w_-]+){2})$~', '$1', $hostname ), '.' );
-			$token  = $auth->get_refresh_token( $user );
-
-			setcookie(
-				$cookie_name,
-				$token,
-				array(
-					'expires'  => 0,
-					'path'     => '/',
-					'domain'   => $domain,
-					'httponly' => true,
-					'secure'   => isset( $_SERVER['HTTPS'] ),
-				)
-			);
+
+		if ( ! wp_doing_ajax() ) {
+			$auth        = new WPGraphQL\JWT_Authentication\Auth();
+			$secret_key  = $auth->get_secret_key();
+			$user        = wp_get_current_user();
+			$cookie_name = 'tw-can_preview';
+
+			if ( $user && $secret_key && ! isset( $_COOKIE[ $cookie_name ] ) ) {
+				$hostname = wp_parse_url( get_site_url(), PHP_URL_HOST );
+				// NOTE: Regex assumes front-end domains will use single segment TLD's.
+				$domain = trim( preg_replace( '~.*?\.?((?:\.?[\w_-]+){2})$~', '$1', $hostname ), '.' );
+				$token  = $auth->get_refresh_token( $user );
+
+				if ( $token && is_string( $token ) ) {
+					setcookie(
+						$cookie_name,
+						$token,
+						array(
+							'expires'  => 0,
+							'path'     => '/',
+							'domain'   => $domain,
+							'httponly' => true,
+							'secure'   => isset( $_SERVER['HTTPS'] ),
+						)
+					);
+				}
+			}
 		}
 	}
 }