diff --git a/Choco-Express-BE-Properties b/Choco-Express-BE-Properties
index 3f67685..80da9ac 160000
--- a/Choco-Express-BE-Properties
+++ b/Choco-Express-BE-Properties
@@ -1 +1 @@
-Subproject commit 3f6768562d49b735b9bc84c2f4c5b120b4b502bd
+Subproject commit 80da9acc6e34b06be6ad342d5efb7625e43949a3
diff --git a/build.gradle b/build.gradle
index 8cd741c..400b9d0 100644
--- a/build.gradle
+++ b/build.gradle
@@ -25,6 +25,7 @@ dependencies {
 // redis
 implementation 'org.springframework.boot:spring-boot-starter-data-redis'
+ implementation 'org.springframework.session:spring-session-data-redis'
 // spring security
 implementation 'org.springframework.boot:spring-boot-starter-security'
diff --git a/src/main/java/dgu/choco_express/constant/Constants.java b/src/main/java/dgu/choco_express/constant/Constants.java
index 0f29a30..921cae6 100644
--- a/src/main/java/dgu/choco_express/constant/Constants.java
+++ b/src/main/java/dgu/choco_express/constant/Constants.java
@@ -13,6 +13,7 @@ public class Constants {
 "/api/health-check",
 "/api/auth/sign-up",
 "/api/auth/sign-in",
- "/oauth2/authorization/kakao"
+ "/oauth2/authorization/kakao",
+ "/login/oauth2/code/kakao"
 );
 }
diff --git a/src/main/java/dgu/choco_express/controller/ChocoController.java b/src/main/java/dgu/choco_express/controller/ChocoController.java
index fe534ee..60e1dc7 100644
--- a/src/main/java/dgu/choco_express/controller/ChocoController.java
+++ b/src/main/java/dgu/choco_express/controller/ChocoController.java
@@ -54,6 +54,9 @@ public ResponseEntity deleteChoco(
 @UserId Long userId,
 @PathVariable Long chocoId
 ) {
- return ResponseEntity.ok(chocoService.deleteChoco(userId, chocoId));
+ chocoService.deleteChoco(userId, chocoId);
+
+ return ResponseEntity.noContent()
+ .build();
 }
 }
diff --git a/src/main/java/dgu/choco_express/exception/ChocoErrorCode.java b/src/main/java/dgu/choco_express/exception/ChocoErrorCode.java
index 3f1326b..449bdd3 100644
--- a/src/main/java/dgu/choco_express/exception/ChocoErrorCode.java
+++ b/src/main/java/dgu/choco_express/exception/ChocoErrorCode.java
@@ -10,8 +10,12 @@ public enum ChocoErrorCode implements ErrorCode {
 INVALID_CHOCO_TYPE(HttpStatus.BAD_REQUEST, "CHOCO_001", "초코 타입이 유효하지 않습니다."),
 NOT_FOUND_CHOCO(HttpStatus.NOT_FOUND, "CHOCO_002", "해당 초코가 존재하지 않습니다."),
 INVALID_CHOCO_NAME(HttpStatus.BAD_REQUEST, "CHOCO_003", "초코 작성자 이름이 비어있습니다."),
- CANT_CHOCO_RECURSIVE(HttpStatus.BAD_REQUEST, "CHOCO_004", "자기 자신에게 초코를 보낼 수 없습니다."),
- INVALID_PAGE_CHOCO(HttpStatus.BAD_REQUEST, "CHOCO_005", "유효하지 않은 페이지 넘버입니다."),
+ INVALID_CHOCO_CONTENT(HttpStatus.BAD_REQUEST, "CHOCO_004", "초코 내용이 비어있습니다."),
+ CANT_CHOCO_RECURSIVE(HttpStatus.BAD_REQUEST, "CHOCO_005", "자기 자신에게 초코를 보낼 수 없습니다."),
+ INVALID_PAGE_CHOCO(HttpStatus.BAD_REQUEST, "CHOCO_006", "유효하지 않은 페이지 넘버입니다."),
+ CANT_READ_CHOCO(HttpStatus.BAD_REQUEST, "CHOCO_007", "읽을 권한이 없는 초코입니다."),
+ CANT_READ_BOX(HttpStatus.BAD_REQUEST, "CHOCO_008", "엿볼 수 없는 박스입니다."),
+ CANT_DELETE_CHOCO(HttpStatus.BAD_REQUEST, "CHOCO_009", "삭제할 권한이 없는 초코입니다."),
 ;
 private final HttpStatus status;
diff --git a/src/main/java/dgu/choco_express/security/handler/login/Oauth2SuccessHandler.java b/src/main/java/dgu/choco_express/security/handler/login/Oauth2SuccessHandler.java
index fd42d6a..6130c52 100644
--- a/src/main/java/dgu/choco_express/security/handler/login/Oauth2SuccessHandler.java
+++ b/src/main/java/dgu/choco_express/security/handler/login/Oauth2SuccessHandler.java
@@ -8,6 +8,7 @@
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpSession;
 import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.core.Authentication;
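Review bot: In the ChocoErrorCode hunk the new permission errors `CANT_READ_CHOCO`, `CANT_READ_BOX` and `CANT_DELETE_CHOCO` are declared with `HttpStatus.BAD_REQUEST`, although their messages describe a caller who lacks permission. Declaring them with `HttpStatus.FORBIDDEN` would let clients, access logs and alerting tell authorization denials apart from malformed requests. Inserting `INVALID_CHOCO_CONTENT` as `"CHOCO_004"` also shifts `CANT_CHOCO_RECURSIVE` and `INVALID_PAGE_CHOCO` to new code strings, so any client that matches on the old values will misread them; appending the new constant with the next free code keeps the published codes stable.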
@@ -25,6 +26,8 @@ public class Oauth2SuccessHandler implements AuthenticationSuccessHandler { private String domain; private final JwtUtil jwtUtil; private final JwtService jwtService; + private final HttpSession session; + @Override @Transactional @@ -40,6 +43,13 @@ public void onAuthenticationSuccess( AuthenticationResponse.makeLoginSuccessResponse(response, domain, jwtDto, jwtUtil.getRefreshExpiration()); - response.sendRedirect("https://" + domain); + String redirectUrl = (String) session.getAttribute("redirectUrl"); + + if (redirectUrl != null) { + session.removeAttribute("redirectUrl"); // 사용 후 세션에서 제거 + response.sendRedirect(redirectUrl); + } else { + response.sendRedirect("https://" + domain); + } } } diff --git a/src/main/java/dgu/choco_express/service/choco/ChocoService.java b/src/main/java/dgu/choco_express/service/choco/ChocoService.java index e4b8442..721f60d 100644 --- a/src/main/java/dgu/choco_express/service/choco/ChocoService.java +++ b/src/main/java/dgu/choco_express/service/choco/ChocoService.java @@ -36,17 +36,19 @@ public URI createChoco( ChocoCreateRequestDto chocoCreateRequestDto ) { User currentUser = userRetriever.findById(userId); - Short chocoType = chocoCreateRequestDto.chocoType(); String chocoNickname = chocoCreateRequestDto.nickname(); String chocoContents = chocoCreateRequestDto.contents(); Box currentBox = boxRetriever.findById(boxId); - if (chocoType < 1 || chocoType > 6) throw CommonException.type(ChocoErrorCode.INVALID_CHOCO_TYPE); if (chocoNickname.isEmpty()) throw CommonException.type(ChocoErrorCode.INVALID_CHOCO_NAME); + if (chocoContents.isEmpty()) + throw CommonException.type(ChocoErrorCode.INVALID_CHOCO_CONTENT); + if (currentUser.equals(currentBox.getUser())) + throw CommonException.type(ChocoErrorCode.CANT_CHOCO_RECURSIVE); Choco createdChoco = chocoSaver.saveChoco( Choco.from(chocoType, chocoNickname, chocoContents, currentBox) 
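Review bot: The `private final HttpSession session;` field added to Oauth2SuccessHandler makes the handler depend on Spring's request-bound session proxy, and touching that proxy creates a session when the request has none. Reading the session from the `HttpServletRequest` the handler already receives keeps the lookup explicit and avoids creating sessions as a side effect, for example `HttpSession session = request.getSession(false);` followed by a null check (assuming the parameter is named `request`; the method signature is outside the hunk). The `HttpSession` import added in the previous hunk stays as it is.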
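Review bot: `response.sendRedirect(redirectUrl)` in onAuthenticationSuccess follows whatever string is stored under the `redirectUrl` session attribute, with no check that it points back at this application. The code that stores the attribute is not part of this diff; if it copies a request parameter, this becomes an open redirect that fires immediately after a successful login. Validate the value before use and fall back to `"https://" + domain` for anything else, along the lines below; the host rule should match whatever front-end hosts are really in use. The method starts outside the hunk.

```java
// … unchanged: makeLoginSuccessResponse call …
String redirectUrl = (String) session.getAttribute("redirectUrl");
session.removeAttribute("redirectUrl");

// Follow the stored target only when it is an https URL on our own host.
String target = "https://" + domain;
if (redirectUrl != null) {
    try {
        java.net.URI uri = java.net.URI.create(redirectUrl);
        if ("https".equalsIgnoreCase(uri.getScheme())
                && domain.equalsIgnoreCase(uri.getHost())) {
            target = uri.toString();
        }
    } catch (IllegalArgumentException ignored) {
        // malformed value: keep the default target
    }
}
response.sendRedirect(target);
```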
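Review bot: The new `chocoContents.isEmpty()` guard in ChocoService.createChoco throws a NullPointerException when the request omits `contents` and lets a whitespace-only body through, unless the DTO is validated somewhere this diff does not show; `if (chocoContents == null || chocoContents.isBlank())` covers both cases, and the existing nickname check has the same gap. The ownership tests added here and in getChocoDetails, getChocoPeek and deleteChoco all rely on `User.equals`, which is not visible in this diff. If the entity does not override it, a lazily loaded `getUser()` proxy could compare unequal to `currentUser`, so the self-send check would pass silently and the read and delete checks would reject the real owner; comparing the users' identifiers is the safer test. createChoco continues past the end of the hunk.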
@@ -91,6 +93,9 @@ public ChocoDetailsResponseDto getChocoDetails(
 User currentUser = userRetriever.findById(userId);
 Choco choco = chocoRetriever.findById(chocoId);
+ if (!currentUser.equals(choco.getBox().getUser()))
+ throw CommonException.type(ChocoErrorCode.CANT_READ_CHOCO);
+
 return ChocoDetailsResponseDto.of(choco);
 }
@@ -100,6 +105,9 @@ public ChocoPeekResponseDto getChocoPeek(
 User currentUser = userRetriever.findById(userId);
 Box currentBox = boxRetriever.findByUser(currentUser);
+ if (!currentUser.equals(currentBox.getUser()))
+ throw CommonException.type(ChocoErrorCode.CANT_READ_BOX);
+
 return ChocoPeekResponseDto.builder()
 .count(chocoRetriever.findChocoCountByBox(currentBox))
 .build();
@@ -112,6 +120,9 @@ public Void deleteChoco(
 User currentUser = userRetriever.findById(userId);
 Choco choco = chocoRetriever.findById(chocoId);
+ if(!currentUser.equals(choco.getBox().getUser()))
+ throw CommonException.type(ChocoErrorCode.CANT_DELETE_CHOCO);
+
 chocoRemover.deleteChoco(choco);
 return null;
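Review bot: The guard added to getChocoPeek cannot reject any caller, because `currentBox` is loaded with `boxRetriever.findByUser(currentUser)` and `currentBox.getUser()` is therefore the very user it is compared with; `CANT_READ_BOX` is unreachable as long as equality behaves. If the intent is to stop a user peeking into someone else's box, the box has to be resolved from an identifier supplied in the request and then compared with the caller; otherwise the check can be dropped. The method signature lies outside the hunk, so whether a box id is available there is not visible.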