diff --git a/cmd/server/main.go b/cmd/server/main.go
index baea7dd..e3619f2 100644
--- a/cmd/server/main.go
+++ b/cmd/server/main.go
@@ -1,6 +1,7 @@
 package main
 import (
+ "crypto/rand"
 "flag"
 "log"
 "net"
@@ -16,6 +17,8 @@ import (
 func main() {
 var confFile string
+ cache := make(map[string]string, 20)
+
 flag.StringVar(&confFile, "c", "/etc/gonotes/conf.toml", "Specify path to config file.")
 flag.Parse()
@@ -33,8 +36,28 @@ func main() {
 etag := middleware.NewETag("static", cacheExpiration)
+ if !conf.Conf.Production {
+ router.HandleFunc("/login/", func(w http.ResponseWriter, r *http.Request) {
+ user := r.FormValue("user")
+ log.Printf("Trying to log in %s", user)
+
+ sessionID := rand.Text()
+ cache[sessionID] = user
+
+ // TODO: omg remove this
+ log.Printf("Session id is %s", sessionID)
+
+ cookie := http.Cookie{
+ Name: "id", Value: sessionID, MaxAge: 3600,
+ Secure: true, HttpOnly: true, Path: "/",
+ }
+ http.SetCookie(w, &cookie)
+ http.Redirect(w, r, "/notes/", http.StatusFound)
+ })
+ }
+
 router.Handle("/", middleware.LoggingMiddleware(http.RedirectHandler("/notes/", http.StatusFound)))
- router.Handle("/notes/", middleware.LoggingMiddleware(http.StripPrefix("/notes", notesRouter)))
+ router.Handle("/notes/", middleware.SessionMiddleware(cache, middleware.LoggingMiddleware(http.StripPrefix("/notes", notesRouter))))
 router.Handle(
 "/static/",
 middleware.LoggingMiddleware(
diff --git a/go.mod b/go.mod
index b383f6e..8f27dd2 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module forgejo.gwairfelin.com/max/gonotes
-go 1.23.5
+go 1.24.5
 require github.com/yuin/goldmark v1.7.8
diff --git a/internal/conf/conf.go b/internal/conf/conf.go
index 8815efc..114fc3a 100644
--- a/internal/conf/conf.go
+++ b/internal/conf/conf.go
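Review bot: The session store created with `cache := make(map[string]string, 20)` is a plain map that is written by the `/login/` handler and read by `SessionMiddleware` from concurrently running request goroutines, and no lock is visible anywhere in this diff. Go maps are not safe for that; the runtime can stop the whole process with a "concurrent map read and map write" fatal error, and overlapping requests are enough to hit it. Guard the map with a `sync.RWMutex`, or wrap it in a small session-store type with `Get`/`Set` methods and pass that to both places instead of the raw map. The same unsynchronised access appears in the login-handler hunk (`cache[sessionID] = user`) and in internal/middleware/session.go (`cache[sessionCookie.Value]`). main's body continues outside the hunk.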
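Review bot: `log.Printf("Session id is %s", sessionID)` writes a live session token to the log, so anyone who can read the logs can replay it as the `id` cookie; the TODO acknowledges this, but the line should be dropped before merge rather than after. `log.Printf("Trying to log in %s", user)` prints a request-controlled value with `%s`; `%q` keeps embedded newlines from forging log lines. The handler also creates a session for whatever `user` value arrives (from the query string as well, since `r.FormValue` reads both URL and body) without checking any credential, which is only tolerable as a development stub and deserves a comment saying so. Because `/notes/` is now wrapped in `SessionMiddleware` unconditionally while `/login/` is registered only when `Production` is false, a production instance appears to have no way to obtain a session. main's body starts and ends outside the hunk.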
@@ -54,11 +54,12 @@ func (asset *Asset) fetchIfNotExists(staticPath string) {
 }
 type Config struct {
- Address string
- Protocol string
- Extension string
- NotesDir string
- LogAccess bool
+ Address string
+ Protocol string
+ Extension string
+ NotesDir string
+ LogAccess bool
+ Production bool
 }
 var (
diff --git a/internal/middleware/session.go b/internal/middleware/session.go
new file mode 100644
index 0000000..1e19825
--- /dev/null
+++ b/internal/middleware/session.go
@@ -0,0 +1,34 @@
+// Middleware to deal with sessions
+package middleware
+
+import (
+ "context"
+ "log"
+ "net/http"
+)
+
+func SessionMiddleware(cache map[string]string, next http.Handler) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ sessionCookie, err := r.Cookie("id")
+ // No session yet
+ if err != nil {
+ http.Redirect(w, r, "/login/", http.StatusUnauthorized)
+ return
+ }
+
+ user, ok := cache[sessionCookie.Value]
+
+ // Session expired
+ if !ok {
+ http.Redirect(w, r, "/login/", http.StatusUnauthorized)
+ return
+ }
+
+ log.Printf("User is %s", user)
+
+ ctx := r.Context()
+ ctx = context.WithValue(ctx, "user", user)
+
+ next.ServeHTTP(w, r.WithContext(ctx))
+ })
+}
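Review bot: `Production bool` defaults to false, and cmd/server/main.go registers the credential-free `/login/` handler when `!conf.Conf.Production`, so the new field fails open. Assuming the config decoder leaves absent keys at their zero value (the loader is not visible in this diff), any deployment whose config file omits the key gets the development login. Inverting the flag so the unsafe mode must be switched on explicitly, for example `DevLogin bool`, makes the default closed. The field should also carry a comment stating what it gates, such as `// Production disables the development-only /login/ handler.`.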
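Review bot: `http.Redirect(w, r, "/login/", http.StatusUnauthorized)` sends a 401 with a Location header, which browsers do not follow, so an unauthenticated user gets an error page instead of the login page; both branches should use `http.StatusSeeOther` (or `http.StatusFound`). `context.WithValue(ctx, "user", user)` uses a built-in string as the key, which linters flag and which any other package can collide with or overwrite; declare an unexported key type such as `type ctxKey struct{}` and expose an accessor for handlers. The "Session expired" branch can only be reached with an unknown id, because nothing in this diff removes entries from `cache` or stores an expiry, so a leaked id stays valid for the life of the process regardless of the cookie's `MaxAge`, and the map grows without bound. The exported `SessionMiddleware` also has no doc comment; one stating that it redirects requests without a known `id` cookie and stores the user name in the request context would cover it.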