diff --git a/src/main/scala/de/tobias/playpad/server/account/Session.scala b/src/main/scala/de/tobias/playpad/server/account/Session.scala
index ee88244b29f9d0b92dacff22df82dbca655bcc1d..32f8ea3cc4e2f6aa0ed6fbddb87ea152b167c795 100644
--- a/src/main/scala/de/tobias/playpad/server/account/Session.scala
+++ b/src/main/scala/de/tobias/playpad/server/account/Session.scala
@@ -5,6 +5,8 @@ import java.sql.Date
 import com.j256.ormlite.field.DatabaseField
 import com.j256.ormlite.table.DatabaseTable
 
+import scala.util.Random
+
 /**
   * Created by tobias on 15.02.17.
   */
@@ -15,11 +17,19 @@ import com.j256.ormlite.table.DatabaseTable
 	@DatabaseField var key: String = _
 	@DatabaseField var createDate: Date = _
 
-	def this(key: String, createDate: Date) {
+	def this(account: Account, key: String) {
 		this()
+		this.account = account
 		this.key = key
-		this.createDate = createDate
+		this.createDate = new Date(System.currentTimeMillis)
 	}
 
 	def getId: Int = id
 }
+
+object Session {
+	private val length = 100
+
+	val alpha = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
+	def generateKey(): String = (1 to length).map(_ => alpha(Random.nextInt.abs % alpha.length())).mkString
+}
diff --git a/src/main/scala/de/tobias/playpad/server/server/account/SessionDelete.scala b/src/main/scala/de/tobias/playpad/server/server/account/SessionDelete.scala
new file mode 100644
index 0000000000000000000000000000000000000000..c3bd25e482dfe233eaf63439a5bf46a1b8749f9c
--- /dev/null
+++ b/src/main/scala/de/tobias/playpad/server/server/account/SessionDelete.scala
@@ -0,0 +1,31 @@
+package de.tobias.playpad.server.server.account
+
+import com.j256.ormlite.dao.Dao
+import de.tobias.playpad.server.account.{Account, Session}
+import spark.{Request, Response, Route}
+
+/**
+  * Created by tobias on 15.02.17.
+  */
+class SessionDelete(accountDao: Dao[Account, Int]) extends Route {
+
+	override def handle(request: Request, response: Response): AnyRef = {
+		val username = request.queryParams("username")
+		val password = request.queryParams("password")
+		val key = request.queryParams("key")
+
+		// check account
+		val accounts = accountDao.queryForEq("username", username)
+		if (accounts.size() == 1) {
+			val account = accounts.get(0)
+			if (account.password.equals(password)) {
+				account.sessions.removeIf(s => s.key.equals(key))
+				accountDao.update(account)
+				return "deleted"
+			}
+		}
+
+		null
+	}
+
+}
diff --git a/src/main/scala/de/tobias/playpad/server/server/account/SessionGet.scala b/src/main/scala/de/tobias/playpad/server/server/account/SessionGet.scala
new file mode 100644
index 0000000000000000000000000000000000000000..6a9518565a7036e27091a1c6dfbc9221a63c6214
--- /dev/null
+++ b/src/main/scala/de/tobias/playpad/server/server/account/SessionGet.scala
@@ -0,0 +1,37 @@
+package de.tobias.playpad.server.server.account
+
+import com.google.gson.{JsonArray, JsonObject}
+import com.j256.ormlite.dao.Dao
+import de.tobias.playpad.server.account.{Account, Session}
+import spark.{Request, Response, Route}
+
+/**
+  * Created by tobias on 15.02.17.
+  */
+class SessionGet(accountDao: Dao[Account, Int]) extends Route {
+
+	override def handle(request: Request, response: Response): AnyRef = {
+		val username = request.queryParams("username")
+		val password = request.queryParams("password")
+
+		// check account
+		val accounts = accountDao.queryForEq("username", username)
+		if (accounts.size() == 1) {
+			val account = accounts.get(0)
+			if (account.password.equals(password)) {
+
+				val array = new JsonArray
+				account.sessions.forEach(session => {
+					val jsonObj = new JsonObject
+					jsonObj.addProperty("key", session.key)
+					jsonObj.addProperty("createDate", session.createDate.getTime)
+					array.add(jsonObj)
+				})
+				return array.toString
+			}
+		}
+
+		null
+	}
+
+}
diff --git a/src/main/scala/de/tobias/playpad/server/server/account/SessionPost.scala b/src/main/scala/de/tobias/playpad/server/server/account/SessionPost.scala
new file mode 100644
index 0000000000000000000000000000000000000000..3d693836bb088335e0bd3ece720ff43df1ac833a
--- /dev/null
+++ b/src/main/scala/de/tobias/playpad/server/server/account/SessionPost.scala
@@ -0,0 +1,34 @@
+package de.tobias.playpad.server.server.account
+
+import com.j256.ormlite.dao.Dao
+import de.tobias.playpad.server.account.{Account, Session}
+import spark.{Request, Response, Route}
+
+/**
+  * Created by tobias on 15.02.17.
+  */
+class SessionPost(accountDao: Dao[Account, Int]) extends Route {
+
+	override def handle(request: Request, response: Response): AnyRef = {
+		val username = request.queryParams("username")
+		val password = request.queryParams("password")
+
+		// check account
+		val accounts = accountDao.queryForEq("username", username)
+		if (accounts.size() == 1) {
+			val account = accounts.get(0)
+			if (account.password.equals(password)) {
+
+				val randomKey = Session.generateKey()
+				val session = new Session(account, randomKey)
+
+				account.sessions.add(session)
+				accountDao.update(account)
+				return randomKey
+			}
+		}
+
+		null
+	}
+
+}