diff --git a/WebApplication/Application.cpp b/WebApplication/Application.cpp
index 632a6cf..9ef8902 100644
--- a/WebApplication/Application.cpp
+++ b/WebApplication/Application.cpp
@@ -16,6 +16,7 @@
 #include <Wt/Dbo/FixedSqlConnectionPool.h>
 #include <Wt/Dbo/SqlConnectionPool.h>
 #include <Wt/Dbo/backend/Sqlite3.h>
+#include <Wt/Http/Cookie.h>
 #include <Wt/WContainerWidget.h>
 #include <Wt/WEnvironment.h>
 #include <Wt/WServer.h>
@@ -90,6 +91,10 @@ void Application::authEvent() {
             m_loginPageRef = m_navigationBar->addLoginItem(std::move(m_loginPage));
         }
         setInternalPath("/", true);
+        auto app = Amass::Singleton<WebToolkit::Server>::instance();
+        auto &service = app->authService();
+        Wt::Http::Cookie cookie(service.authTokenCookieName(), service.createAuthToken(u));
+        setCookie(cookie);
     } else {
         m_loginPage = m_navigationBar->removeLoginItem();
         LOG(info) << "User logged out.";
@@ -167,7 +172,7 @@ void Server::initializeAuthenticationService() {
     m_passwordService->setStrengthValidator(std::make_unique<Wt::Auth::PasswordStrengthValidator>());
 }
 
-const Wt::Auth::AuthService &Server::authService() {
+Wt::Auth::AuthService &Server::authService() {
     return *m_authService;
 }
 
diff --git a/WebApplication/Application.h b/WebApplication/Application.h
index 62e52c7..5dc837d 100644
--- a/WebApplication/Application.h
+++ b/WebApplication/Application.h
@@ -49,7 +49,7 @@ public:
     ~Server();
 
     void initializeAuthenticationService();
-    const Wt::Auth::AuthService &authService();
+    Wt::Auth::AuthService &authService();
     const Wt::Auth::PasswordService &passwordService();
 
 protected:
diff --git a/WebApplication/Restful.cpp b/WebApplication/Restful.cpp
index 86c79f0..0a02dc6 100644
--- a/WebApplication/Restful.cpp
+++ b/WebApplication/Restful.cpp
@@ -1,22 +1,46 @@
 #include "Restful.h"
+#include "Application.h"
 #include "Database/Session.h"
+#include <Wt/Auth/AuthService.h>
+#include <Wt/Auth/Identity.h>
 #include <Wt/Dbo/Impl.h>
 #include <Wt/Dbo/Json.h>
 #include <Wt/Dbo/backend/Sqlite3.h>
 #include <Wt/Http/Response.h>
+#include <boost/scope/scope_exit.hpp>
 
 DBO_INSTANTIATE_TEMPLATES(MyMessage)
 
 DbStruct *m_dbStruct;
 
 void AuthenticationResource::handleRequest(const Wt::Http::Request &request, Wt::Http::Response &response) {
+    auto app = Amass::Singleton<WebToolkit::Server>::instance();
     auto session = Database::session();
+    auto &service = app->authService();
+
+    auto enabled = service.authTokenUpdateEnabled();
+    boost::scope::scope_exit raii([&enabled, &service] { service.setAuthTokenUpdateEnabled(enabled); });
+    service.setAuthTokenUpdateEnabled(false);
+    Wt::Auth::AuthTokenState state;
+    Wt::Auth::User user;
+    if (service.authTokensEnabled()) {
+        const std::string *token = request.getCookieValue(service.authTokenCookieName());
+        if (token != nullptr) {
+            Wt::Auth::AuthTokenResult result = service.processAuthToken(*token, session->users());
+            state = result.state();
+            if (state == Wt::Auth::AuthTokenState::Valid) {
+                user = result.user();
+            }
+        }
+    }
+    MyMessage message;
+    if (user.isValid()) {
+        message.user = user.identity(Wt::Auth::Identity::LoginName).toUTF8();
+    }
+    LOG(info) << "state: " << (int)state << " " << message.user;
     response.setMimeType("application/json");
     response.addHeader("Server", "Wt");
-
-    MyMessage message;
     message.message = "Hello, World!";
-
     Wt::Dbo::JsonSerializer writer(response.out());
     writer.serialize(message);
 }
diff --git a/WebApplication/Restful.h b/WebApplication/Restful.h
index 00a7a14..6d335c6 100644
--- a/WebApplication/Restful.h
+++ b/WebApplication/Restful.h
@@ -9,10 +9,12 @@
 class MyMessage {
 public:
     std::string message;
+    std::string user;
 
     template <class Action>
     void persist(Action &a) {
         Wt::Dbo::field(a, message, "message");
+        Wt::Dbo::field(a, user, "user");
     }
 };