diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000..feaf2cd
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,13 @@
+{
+ "rest-client.environmentVariables": {
+ "$shared": {},
+ "local": {
+ "host": "localhost",
+ "port": "12345"
+ },
+ "docker": {
+ "host": "localhost",
+ "port": "11001"
+ }
+ }
+}
diff --git a/Dockerfile b/Dockerfile
index 1f11d57..c222ce8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,6 +14,7 @@ FROM node:${NODE_VERSION}-alpine
 WORKDIR /app
 COPY --from=builder /app/node_modules node_modules/
 COPY --from=builder /app/index.js .
+COPY --from=builder /app/src src/
 USER node
 EXPOSE 12345
 ENV NODE_ENV=production
diff --git a/index.js b/index.js
index 0cf04cd..94dbe9d 100644
--- a/index.js
+++ b/index.js
@@ -3,9 +3,10 @@ dotenv.config();
 import express from "express";
 import expressWs from "express-ws";
 import morgan from "morgan";
-import { initWebsocket } from "./websocket.js";
-import { initAuth } from "./auth.js";
-import { close as closeDbConnection, initDbConnection, db } from "./db.js";
+import cookieParser from "cookie-parser";
+import { initWebsocket } from "./src/websocket.js";
+import { initAuth } from "./src/auth.js";
+import { close as closeDbConnection, initDbConnection, db } from "./src/db.js";
 const app = express();
 const appWs = expressWs(app);
 const port = 12345;
@@ -18,6 +19,7 @@ process.on('exit', function() {
 app.use(morgan(process.env.production ? 'common' : 'dev'));
 app.use(express.json());
+app.use(cookieParser());
 await initDbConnection();
diff --git a/package-lock.json b/package-lock.json
index 74abbc9..f71eeee 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,6 +10,7 @@
 "license": "ISC",
 "dependencies": {
 "@types/express": "^5.0.3",
+ "cookie-parser": "^1.4.7",
 "dotenv": "^17.2.3",
 "express": "^5.1.0",
 "express-ws": "^5.0.2",
@@ -269,6 +270,25 @@
 "node": ">= 0.6"
 }
 },
+ "node_modules/cookie-parser": {
+ "version": "1.4.7",
+ "resolved": "https://registry.npmjs.org/cookie-parser/-/cookie-parser-1.4.7.tgz",
+ "integrity": "sha512-nGUvgXnotP3BsjiLX2ypbQnWoGUPIIfHQNZkkC668ntrzGWEZVW70HDEB1qnNGMicPje6EttlIgzo51YSwNQGw==",
+ "license": "MIT",
+ "dependencies": {
+ "cookie": "0.7.2",
+ "cookie-signature": "1.0.6"
+ },
+ "engines": {
+ "node": ">= 0.8.0"
+ }
+ },
+ "node_modules/cookie-parser/node_modules/cookie-signature": {
+ "version": "1.0.6",
+ "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
+ "integrity": "sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ==",
+ "license": "MIT"
+ },
 "node_modules/cookie-signature": {
 "version": "1.2.2",
 "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.2.2.tgz",
diff --git a/package.json b/package.json
index bc74bb5..6c534f3 100644
--- a/package.json
+++ b/package.json
@@ -12,6 +12,7 @@
 },
 "dependencies": {
 "@types/express": "^5.0.3",
+ "cookie-parser": "^1.4.7",
 "dotenv": "^17.2.3",
 "express": "^5.1.0",
 "express-ws": "^5.0.2",
diff --git a/requests/test.http b/requests/test.http
index 8a65ad5..937e930 100644
--- a/requests/test.http
+++ b/requests/test.http
@@ -1,5 +1,7 @@
-POST http://localhost:12345/auth/login HTTP/1.1
+@url = http://{{host}}:{{port}}
+
+POST {{url}}/auth/login HTTP/1.1
 content-type: application/json
 {
diff --git a/auth.js b/src/auth.js
similarity index 77%
rename from auth.js
rename to src/auth.js
index 7eb2a9a..53a3952 100644
--- a/auth.js
+++ b/src/auth.js
@@ -4,10 +4,35 @@ let db;
 let users;
 export function initAuth(app, db) {
+ app.use(checkSessionToken);
 users = db.collection('users');
 app.post('/auth/login', loginUser);
 }
+async function checkSessionToken(req, res, next) {
+
+ if (req.path.startsWith("/auth/")) {
+ next();
+ return;
+ }
+
+ const token = req.cookies.jeopardytoken;
+
+ let user = await users.findOne({sessiontoken: token});
+
+ if (user === null) {
+ res.sendStatus(401);
+ return;
+ }
+
+ req.user = {
+ role: user.role,
+ username: user.username
+ }
+
+ next();
+}
+
 async function loginUser(req, res) {
 const username = req.body.username;
 const password = req.body.password;
@@ -30,7 +55,7 @@ async function loginUser(req, res) {
 maxAge: 1e3 * 60 * 60 * 24
 })
- res.sendStatus(200);
+ res.status(200).send(username);
 } else {
 res.sendStatus(403);
 }
diff --git a/db.js b/src/db.js
similarity index 100%
rename from db.js
rename to src/db.js
diff --git a/websocket.js b/src/websocket.js
similarity index 100%
rename from websocket.js
rename to src/websocket.js
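Review bot: In `checkSessionToken`, `req.cookies.jeopardytoken` is passed straight into `users.findOne({sessiontoken: token})` without checking that it is a non-empty string. When the cookie is absent `token` is `undefined`, which the MongoDB Node driver serializes as `null` by default (assuming that is the driver behind `db.collection`), so the lookup can match a user document that has no `sessiontoken` yet and the request is treated as authenticated. cookie-parser also JSON-decodes cookie values that start with `j:`, so `token` may arrive as an object and be interpreted as a query operator document rather than a literal value. Reject anything else before the lookup: `if (typeof token !== "string" || token === "") { res.sendStatus(401); return; }`. A short comment above `app.use(checkSessionToken)` stating that only routes registered after `initAuth` are covered would help future readers.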
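Review bot: `res.status(200).send(username)` echoes the value read from `req.body.username`, and Express sends a string passed to `res.send` as `text/html`. Whether `username` is guaranteed to be a plain, markup-free string depends on checks earlier in `loginUser`, which lie outside this hunk, so returning it as JSON is the safer form: `res.status(200).json({ username });`. The cookie options above `maxAge` are also outside the hunk; now that the cookie alone authenticates every non-`/auth/` request, it is worth confirming that `httpOnly` and `sameSite` are set there.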