diff --git a/assets/html/main.html b/assets/html/main.html
index f2f3d31..a61e444 100644
--- a/assets/html/main.html
+++ b/assets/html/main.html
@@ -13,6 +13,7 @@
 	<body> 
 		<ul id="menu">
 			<li>random Value</li>
+			<li>start session</li>
 			<li>login</li>
 		</ul>
 		<div id="sessinfo" class="x-small">
diff --git a/assets/js/init.js b/assets/js/init.js
index a0e6ec6..b36c539 100644
--- a/assets/js/init.js
+++ b/assets/js/init.js
@@ -14,6 +14,10 @@ $(document).ready(function() {
 	});
 
 	$("ul#menu li:eq(1)").click(function() {
+		$.getJSON("/sess/", $.proxy(sess.loadJSON, sess));
+	});
+
+	$("ul#menu li:eq(2)").click(function() {
 		$("#login").removeClass("hide");
 	});
 
diff --git a/assets/js/session.js b/assets/js/session.js
index 2445b1a..0c4350b 100644
--- a/assets/js/session.js
+++ b/assets/js/session.js
@@ -15,6 +15,8 @@ function Session(sId)
 
 Session.prototype.loadJSON = function(data)
 {
+	this.stop();
+
 	this.id       = ("0" == data.id)? "none" : data.id;
 	this.timeout  = data.timeout * 10;
 	this.timeleft = data.timeleft * 10;
diff --git a/src/http/worker/process.c b/src/http/worker/process.c
index 43519a4..bfa60bf 100644
--- a/src/http/worker/process.c
+++ b/src/http/worker/process.c
@@ -24,6 +24,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <time.h>
+#include <string.h>
 #include <sys/time.h>
 
 #include "class.h"
@@ -116,7 +117,7 @@ httpWorkerProcess(HttpWorker this, Stream st)
 					 * an empty 200 OK
 					 */
 					if (NULL == password || NULL == username) {
-						response = new(HttpResponse, "HTTP/1.1", 200, "OK");
+						response = new(HttpResponse, "HTTP/1.1", 403, "Forbidden");
 					}
 
 					if (NULL == response) {
@@ -126,11 +127,22 @@ httpWorkerProcess(HttpWorker this, Stream st)
 								(char*)(password->value), password->nvalue);
 
 						if (!authenticate(this->auth, cred)) {
-							response = new(HttpResponse, "HTTP/1.1", 200, "OK");
+							response = new(HttpResponse, "HTTP/1.1", 403, "Forbidden");
 						} else {
-							this->session = sessionAdd(
-									this->sroot,
-									new(Session, username->value, username->nvalue));
+							if (NULL == this->session) {
+								this->session = sessionAdd(
+										this->sroot,
+										new(Session,
+											username->value,
+											username->nvalue));
+							} else {
+								this->session->username = malloc(username->nvalue + 1);
+								this->session->username[username->nvalue] = 0;
+								memcpy(this->session->username,
+										username->value,
+										username->nvalue);
+							}
+
 							nbuf = sprintf(buffer,
 									"sid=%lu;Path=/",
 									this->session->id);
@@ -161,6 +173,15 @@ httpWorkerProcess(HttpWorker this, Stream st)
 					response = (HttpMessage)httpResponseSession(this->session);
 				}
 
+				if (0 == strcmp("/sess/", request->path)) {
+					if (NULL == this->session) {
+						this->session = sessionAdd(
+								this->sroot,
+								new(Session, NULL, 0));
+					}
+					response = (HttpMessage)httpResponseSession(this->session);
+				}
+
 				if (0 == strcmp("/randval/", request->path)) {
 					if (NULL != this->session) {
 						response = (HttpMessage)httpResponseRandval(