diff --git a/server.js b/server.js
index b233ca6..ba1e1a4 100644
--- a/server.js
+++ b/server.js
@@ -8,7 +8,12 @@ var path = require('path');
 var favicon = require('serve-favicon');
 var bodyParser = require('body-parser');
 var cookieParser = require('cookie-parser');
+var session = require('express-session');
+var SQLiteStore = require('connect-sqlite3')(session);
 var bcrypt = require('bcrypt');
+var passport = require('passport');
+// TODO: gegen SQLITE ersetzen
+var LocalStrategy = require('passport-local').Strategy;
 
 // Express-Einstellungen
 app.set('views', path.join(__dirname, 'views'));
@@ -19,7 +24,18 @@ app.use(bodyParser.json());
 app.use(bodyParser.urlencoded({
   extended: false
 }));
-app.use(cookieParser());
+// TODO: secret pruefen und ggf. aus app_cfg laden
+app.use(cookieParser('secret'));
+app.use(session({
+  store: new SQLiteStore,
+  secret: 'secret',
+  resave: false,
+  saveUninitialized: true,
+  cookie: { maxAge: 60 * 60 * 1000 } // 1 hour
+}));
+
+app.use(passport.initialize());
+app.use(passport.session());
 
 // Scripte einbinden
 var app_cfg = require('./server/app_cfg.js');
@@ -27,7 +43,8 @@ var sql_cfg = require('./server/sql_cfg')(bcrypt, app_cfg);
 var sql = require('./server/sql_qry')(sql_cfg)
 var waip_io = require('./server/waip_io')(io, sql, async, app_cfg);
 var udp = require('./server/udp')(app_cfg, waip_io);
-var routes = require('./server/routing')(app, sql, app_cfg);
+var auth = require('./server/auth')(app_cfg, sql_cfg, bcrypt, passport, LocalStrategy);
+var routes = require('./server/routing')(app, sql, app_cfg, passport);
 
 // Server starten
 server.listen(app_cfg.global.webport, function() {