diff --git a/server/auth/index.ts b/server/auth/index.ts
index e9a4f01..ccaa811 100644
--- a/server/auth/index.ts
+++ b/server/auth/index.ts
@@ -21,7 +21,7 @@ export default class AuthService {
 bcrypt.genSalt(10, (err, salt) => {
 if (err) throw err;
- bcrypt.hash(password, salt, async (err, hash) => {
+ bcrypt.hash(password!, salt, async (err, hash) => {
 if (err) throw err;
 const newData = {
 ...data,
diff --git a/server/auth/middlewares.ts b/server/auth/middlewares.ts
new file mode 100644
index 0000000..1735b70
--- /dev/null
+++ b/server/auth/middlewares.ts
@@ -0,0 +1,14 @@
+import { NextFunction, Request, Response } from "express"
+
+export function restrictAccess(req: Request, res: Response, next: NextFunction) {
+ if (!req.isAuthenticated()) {
+ res.status(403).send({ message: "Access forbidden" });
+ } else {
+ next();
+ }
+}
+
+export function checkAccess(req: Request, res: Response, next: NextFunction) {
+ console.log(req.isAuthenticated());
+ next();
+}
\ No newline at end of file
diff --git a/server/loaders/passport.ts b/server/loaders/passport.ts
index 26dfca3..92876f5 100644
--- a/server/loaders/passport.ts
+++ b/server/loaders/passport.ts
@@ -10,16 +10,11 @@ export const passportLoader = async (app: Express) => {
 app.use(passport.session());
 
 passport.serializeUser((user, done) => {
- process.nextTick(() => {
- done(null, user);
- })
+ done(null, user);
 })
 
 passport.deserializeUser((user: IUserAuth, done) => {
- process.nextTick(async () => {
- const userData = await AuthInstance.login(user);
- return userData ? done(null, userData) : done(null, false);
- })
+ done(null, user);
 })
 
 // sign in method with passport local strategy
diff --git a/server/routes/auth.ts b/server/routes/auth.ts
index 0c90a29..37c70a7 100644
--- a/server/routes/auth.ts
+++ b/server/routes/auth.ts
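Review bot: The non-null assertion in `bcrypt.hash(password!, salt, ...)` only silences the compiler error that making `IUser.password` optional introduced; at runtime an undefined password still reaches `bcrypt.hash`, where it fails inside the callback after the salt round has already been spent. Validate before hashing, e.g. `if (!password) throw new Error("password is required");` ahead of `bcrypt.genSalt(10, ...)`, so the failure is explicit and the `!` can go. The enclosing method starts and ends outside the hunk, so where `password` is bound is not visible here.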
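Review bot: `checkAccess` is a pass-through middleware whose only effect is `console.log(req.isAuthenticated())` on every request it guards, which is debug output rather than access control; either drop the log or give the function a documented purpose. `restrictAccess` answers 403 for a request that is simply not authenticated, whereas 401 is the conventional status for "not logged in" and keeps 403 for "logged in but not allowed"; if the client needs that distinction, use `res.status(401).send({ message: "Authentication required" });`. Both exported functions would benefit from a one-line TSDoc stating what they gate, and the `express` import line is missing the semicolon the other imports in this commit use.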
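Review bot: `deserializeUser` now hands the serialized session payload back unchanged (`done(null, user)`) instead of resolving it against the store, and `serializeUser` stores the whole user object, so whatever object is passed to `req.logIn` is written verbatim into the session and becomes `req.user` on every later request. With `IUser.password` made optional elsewhere in this commit, the types no longer make it evident that this object excludes the password hash, and a user who is deactivated or deleted stays authenticated until the session expires because nothing re-checks the record. Serialize only an identifier, e.g. `done(null, user.id)`, and have `deserializeUser` look that id up and call `done(null, false)` when no active user is found, which is what the removed `AuthInstance.login` path approximated. The identifier field on `IUserAuth` is not visible in this diff, so adjust `user.id` to the actual key.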
@@ -1,9 +1,11 @@
-import { Express, Router } from "express"
+import { Express, Request, Router } from "express"
 import { PassportStatic } from "passport";
 import { IUser, IUserAuth } from "../schemas";
 import AuthService from "../auth";
 import { UserCtl } from "../controllers";
 import now from "../util/now";
+import { checkAccess, restrictAccess } from "../auth/middlewares";
+import { Session } from "express-session";
 
 const AuthInstance = new AuthService();
 const UserControl = new UserCtl();
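Review bot: `Request` from "express" and `Session` from "express-session" are added to the import list, but neither is referenced in any hunk of this file that the diff shows; if nothing outside the shown hunks uses them, drop both lines, since `Session` in particular pulls an otherwise unneeded module into this route file. The same check applies to `now` and `UserControl`, whose only visible use (the `UserControl.updateOne(...)` call in the `/login` handler) is commented out later in this commit.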
@@ -12,25 +14,37 @@ const router = Router();
 export const authRoute = (app: Express, passport: PassportStatic) => {
 app.use('/auth', router);
 
- router.get('/', (req, res) => {
- const data = {
- session: req.session,
- user: req.user
+ router.get('/', checkAccess, (req, res, next) => {
+ // @ts-ignore: does not recognize structure of req.user
+ const user = req.user?.user;
+ const userData: IUser = {
+ firstname: user.firstname,
+ lastname: user.lastname,
+ handle: user.handle,
+ email: user.email
 }
- res.send(JSON.stringify(data));
+ res.send({ user: userData });
+ })
+
+ router.get('/protected', restrictAccess, (req, res, next) => {
+ res.status(200).send({ message: "Cool restricted content!" });
 })
 
 router.post('/login', passport.authenticate('local'), async (req, res, next) => {
 try {
 const data: IUserAuth = req.body;
 const response = await AuthInstance.login(data);
- console.log(response);
 if (response.ok) {
- req.user = response.user;
- await UserControl.updateOne(response.user.id, { ...response.user, datemodified: now })
+ req.logIn(response.user, (error: any) => {
+ if (error) throw error;
+ console.log('login successful');
+ })
+ // const { id, email, handle, firstname, lastname } = response.user;
+ // await UserControl.updateOne(response.user.id, { ...response.user, datemodified: now })
+ // res.status(200).send({ id: id, handle: handle, firstname: firstname, lastname: lastname });
 res.cookie('userid', response.user.id, { maxAge: 1000 * 60 * 60 * 24 * 7 });
- res.status(200).send(response.user);
+ res.end();
 } else {
 res.status(401).send({ message: "Login unsuccessful" });
 }
@@ -45,7 +59,7 @@ export const authRoute = (app: Express, passport: PassportStatic) => {
 if (err) throw err;
 })
 res.clearCookie('userid');
- res.status(204).send({ success: true });
+ res.status(204).send({ message: "Logout successful", success: true });
 } catch(e) {
 next(e);
 }
diff --git a/server/schemas/index.ts b/server/schemas/index.ts
index bced4cb..0d489da 100644
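Review bot: In the `/login` handler `req.logIn(response.user, cb)` is callback-based and its callback runs only after passport has established the session, yet `res.cookie(...)` and `res.end()` execute synchronously right after the call, so the response is sent before the session is committed and a login error thrown inside the callback becomes an unhandled exception after headers have gone out rather than something `next(e)` sees. Move the response into the callback and route failure through `next`, as below. In the `/` handler, `checkAccess` does not reject anonymous requests, so `req.user` is undefined there and `user.firstname` throws a TypeError; guard it with `if (!user) { res.status(401).send({ message: "Not authenticated" }); return; }` before building `userData`, and prefer typing `req.user` (via an express `User` declaration merge) over the `@ts-ignore`. The function body continues past the end of the hunk.
```typescript
      if (response.ok) {
        req.logIn(response.user, (error: unknown) => {
          if (error) { next(error); return; }
          res.cookie('userid', response.user.id, { maxAge: 1000 * 60 * 60 * 24 * 7 });
          res.end();
        });
      // … unchanged: else branch sending 401 …
```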
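Review bot: `res.status(204).send({ message: "Logout successful", success: true })` attaches a body to a 204 No Content response; Express strips the body for 204, so the client never receives the message this line adds. Either keep 204 and call `res.end()`, or, if the JSON message is wanted, send it as `res.status(200).send({ message: "Logout successful", success: true });`. The `/logout` handler starts before this hunk; its `req.logout` callback with `if (err) throw err;` is context here and is not changed by this commit.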
--- a/server/schemas/index.ts
+++ b/server/schemas/index.ts
@@ -16,7 +16,7 @@ export interface IUser extends DBEntity, HasHistory, CanDeactivate {
 lastname: string
 handle: string
 email: string
- password: string
+ password?: string
 }
 
 export interface IUserAuth {
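Review bot: Making `password` optional on `IUser` weakens the persisted entity type for every consumer in order to let route code return a user object without it, and it is what forces the `password!` assertion in `server/auth/index.ts`. Keep `password: string` on the stored entity and derive the outward-facing shape instead, e.g. `type PublicUser = Omit<IUser, 'password'>`, used for the `/auth` response and for what is passed to `req.logIn`; that documents at the type level that the hash never leaves the auth layer. A short comment on the field, such as `// bcrypt hash; never serialize into sessions or responses`, would help the next reader. The remaining fields of `IUser` and the body of `IUserAuth` are outside the hunk.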