diff --git a/inc/fftcgsocket.coffee b/inc/fftcgsocket.coffee index 66653f6..e2320de 100644 --- a/inc/fftcgsocket.coffee +++ b/inc/fftcgsocket.coffee @@ -5,10 +5,14 @@ path = (require 'path') # my libraries FFTCGDB = (require './fftcgdb') -FFTCGSOCKET = (http, dbfile) -> +FFTCGSOCKET = (http, dbfile, session) -> that = @ - # create server socket, open fftcg.db + + # create server socket @io = socketio http + @io.use session + + # open fftcg db @db = new FFTCGDB dbfile # on new connection @@ -20,16 +24,13 @@ FFTCGSOCKET = (http, dbfile) -> FFTCGSOCKET::__connection = (socket) -> that = @ - # offer server socket id - socket.emit 'serverid', socket.id - - # accept client side id - socket.on 'clientid', (clientid) -> - @clientid = clientid - console.log "user '#{@clientid}' connected" + @session = socket.handshake.session + console.log "session '#{@session.id}' connected" + console.log "is user '#{@session.userID}'" if @session.userID socket.on 'disconnect', -> - console.log "user '#{@clientid}' disconnected" + console.log "session '#{that.session.id}' disconnected" + console.log "is user '#{that.session.userID}'" if that.session.userID socket.on 'register', (login, password) -> that.__register login, password @@ -38,9 +39,13 @@ FFTCGSOCKET::__connection = (socket) -> that.__login login, password FFTCGSOCKET::__login = (login, password) -> + that = @ + console.log '__login:', login, password @db.login login, password .then (login) -> + that.session.userID = login + that.session.save() console.log 'Login OK "%s"', login .catch (err) -> console.error 'error: "%s"', err diff --git a/package.json b/package.json index 2540967..bdf51a6 100644 --- a/package.json +++ b/package.json @@ -43,6 +43,8 @@ "bcrypt": "^3.0.2", "coffeescript": "^2.3.2", "express": "^4.16.4", + "express-session": "^1.15.6", + "express-socket.io-session": "^1.3.5", "helmet": "^3.15.0", "pug": "^2.0.3", "socket.io": "^2.2.0", diff --git a/server.coffee b/server.coffee index 9dd2a39..a6533bd 100644 
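Review bot: In the `__connection` hunk of inc/fftcgsocket.coffee (`@@ -20,16 +24,13 @@`), `@session = socket.handshake.session` stores the per-connection session on `@`, which appears to be the single FFTCGSOCKET instance shared by every client; the caller is outside the hunk, so this is inferred from `that = @`. If so, each new connection overwrites it, and the `disconnect` handler here and `__login` in the `@@ -38,9 +39,13 @@` hunk read or write whichever session connected last, so a successful login can attach `userID` to another client's session. Keep the session in a local, `session = socket.handshake.session`, and pass it on explicitly, e.g. `that.__login session, login, password`. The body of `__connection` continues outside the hunk.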
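Review bot: In the `__login` hunk of inc/fftcgsocket.coffee (`@@ -38,9 +39,13 @@`), `that.session.userID = login` promotes the existing pre-login session to an authenticated one without issuing a new session identifier, which leaves the login exposed to session fixation because server.coffee sets `saveUninitialized: true` and so hands out an id before authentication. Rotate the identifier at the point of login, for instance by moving the credential check to an HTTP route where `req.session.regenerate` runs before `userID` is set; whether the handshake session object supports this directly is not visible here. `that.session.save()` is called without a callback, so a failed write is silent; `that.session.save (err) -> console.error 'session save failed: "%s"', err if err` would surface it. Separately, `console.log '__login:', login, password` on the new side writes the plaintext password to the log and should drop the `password` argument.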
--- a/server.coffee +++ b/server.coffee @@ -1,5 +1,7 @@ # node libraries express = (require 'express') +expressSession = (require 'express-session') +sharedSession = (require 'express-socket.io-session') helmet = (require 'helmet') http = (require 'http') path = (require 'path') @@ -7,13 +9,32 @@ path = (require 'path') # my libraries FFTCGSOCKET = (require './inc/fftcgsocket') -# express + socket framework +# express framework app = express() app.use helmet() +# sessions +session = + secret: 'keyboard cat' + cookie: + httpOnly: true + sameSite: 'strict' + proxy: true + resave: true + saveUninitialized: true + +if app.get 'env' == 'production' + app.set 'trust proxy', 1 + session.cookie.secure = true + +sessionMiddleware = expressSession session +app.use sessionMiddleware + # Static content app.use express.static path.resolve(__dirname, 'public_html') + + # Templates app.set 'view engine', 'pug' app.get '/:template.html', (req, res) -> @@ -24,7 +45,12 @@ web = http.Server app web.listen 3000, -> console.log '[FFTCG] Listening on port 3000 ...' -socket = new FFTCGSOCKET web, path.resolve(__dirname, 'fftcg.db') +# socket.io +socket = new FFTCGSOCKET( + web, + path.resolve(__dirname, 'fftcg.db'), + sharedSession sessionMiddleware +) # Handle termination process.on 'SIGINT', -> diff --git a/src/index.coffee b/src/index.coffee index 7c39523..802e517 100644 --- a/src/index.coffee +++ b/src/index.coffee @@ -11,21 +11,6 @@ $ -> # init Socket.IO socket = io() - console.log socket - - require './index/localStorage.coffee' - - - - socket.on 'id', (socketid) -> - if storageAvailable 'localStorage' - myid = localStorage.getItem 'myid' - if not myid - localStorage.setItem 'myid', socketid - myid = socketid - - console.log "id is '#{myid}'" - socket.emit 'id', myid # login form $('form[name="login"]').submit -> diff --git a/src/index/localStorage.coffee b/src/index/localStorage.coffee deleted file mode 100644 index ee3d3e2..0000000 
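Review bot: In the `@@ -7,13 +9,32 @@` hunk of server.coffee, `secret: 'keyboard cat'` is the sample value from the express-session documentation, so anyone who reads the repository can sign valid session cookies; load it from the environment instead, e.g. `secret: process.env.SESSION_SECRET` (placeholder variable name), and refuse to start when it is unset. The guard `if app.get 'env' == 'production'` parses as `app.get('env' == 'production')`, which is `app.get(false)` and never truthy, so `trust proxy` and `session.cookie.secure = true` are never applied; write `if app.get('env') is 'production'`. No `store` is configured, so express-session falls back to its in-memory store, and with `saveUninitialized: true` every anonymous visitor creates an entry in it; consider `saveUninitialized: false` and a persistent store.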
--- a/src/index/localStorage.coffee +++ /dev/null @@ -1,21 +0,0 @@ -window.storageAvailable = (type) -> - try - storage = window[type] - x = '__storage_test__' - storage.setItem x, x - storage.removeItem x - true - - catch e - e instanceof DOMException and - # everything except Firefox - (e.code == 22 or - # Firefox - e.code == 1014 or - # test name field too, because code might not be present - # everything except Firefox - e.name == 'QuotaExceededError' or - # Firefox - e.name == 'NS_ERROR_DOM_QUOTA_REACHED') and - # acknowledge QuotaExceededError only if there's something already stored - storage.length != 0