diff --git a/.gitignore b/.gitignore
index 666f573..48c1924 100644
--- a/.gitignore
+++ b/.gitignore
@@ -134,6 +134,7 @@ target
 /.project
 /.settings
 /RUNNING_PID
+/knockoutwhistwebfrontend/
 /knockoutwhist/
 /knockoutwhistweb/.g8/
 /knockoutwhistweb/.bsp/
diff --git a/knockoutwhistfrontend b/knockoutwhistfrontend
index a04c370..0b8a179 160000
--- a/knockoutwhistfrontend
+++ b/knockoutwhistfrontend
@@ -1 +1 @@
-Subproject commit a04c370a7509b95385439b7453fdf8d3c7a304ae
+Subproject commit 0b8a1794a0dc3efb280799a5c35386196ffe8727
diff --git a/knockoutwhistweb/app/auth/AuthAction.scala b/knockoutwhistweb/app/auth/AuthAction.scala
index c14b1dc..b802596 100644
--- a/knockoutwhistweb/app/auth/AuthAction.scala
+++ b/knockoutwhistweb/app/auth/AuthAction.scala
@@ -23,12 +23,12 @@ class AuthAction @Inject()(val sessionManager: SessionManager, val parser: BodyP
 case Some(user) => block(new AuthenticatedRequest(user, request))
 case None =>
- Future.successful(Results.Redirect(routes.UserController.login()))
+ Future.successful(Results.Unauthorized)
 }
 }
 protected def getUserFromSession(request: RequestHeader): Option[User] = {
- val session = request.cookies.get("sessionId")
+ val session = request.cookies.get("accessToken")
 if (session.isDefined) return sessionManager.getUserBySession(session.get.value)
 None
diff --git a/knockoutwhistweb/app/controllers/UserController.scala b/knockoutwhistweb/app/controllers/UserController.scala
index 7cd46de..392c7ff 100644
--- a/knockoutwhistweb/app/controllers/UserController.scala
+++ b/knockoutwhistweb/app/controllers/UserController.scala
@@ -1,10 +1,13 @@
 package controllers
 import auth.{AuthAction, AuthenticatedRequest}
+import dto.subDTO.UserDTO
 import logic.user.{SessionManager, UserManager}
+import model.users.User
 import play.api.*
 import play.api.libs.json.Json
 import play.api.mvc.*
+import play.api.mvc.Cookie.SameSite.{Lax, None, Strict}
 import javax.inject.*
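Review bot: The cookie name `"accessToken"` on the changed `val session` line is a bare string literal that now has to stay in sync with the same literal in UserController's `login_Post` and `logoutPost`; one shared constant (for example on the `SessionManager` companion, `val AccessTokenCookie = "accessToken"`) would keep the three from drifting. Since this line is being touched, the surrounding `isDefined`/`.get`/`return` sequence collapses to `request.cookies.get("accessToken").flatMap(c => sessionManager.getUserBySession(c.value))`, which also removes the non-local `return`. The `Results.Unauthorized` on the other changed line carries no body, which is reasonable for an API client but deserves a one-line comment stating that the frontend is expected to react to the 401 itself rather than being redirected. The method containing the `match` starts outside the hunk and `getUserFromSession` closes outside it.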
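Review bot: `import play.api.mvc.Cookie.SameSite.{Lax, None, Strict}` on the new import line shadows `scala.None` for the whole of UserController, so any `case None =>` or `None` result written later in this file will resolve to `Cookie.SameSite.None` and fail to type-check against an `Option`. Import the enclosing object instead, `import play.api.mvc.Cookie.SameSite`, and write `sameSite = Some(SameSite.Lax)` at the use site; `Strict` is not referenced in any visible hunk either. The new `import dto.subDTO.UserDTO` is likewise unused in the hunks shown — if it is unused in the rest of the file it should go, as unused imports become errors under the usual `-Xfatal-warnings` setup.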
@@ -21,22 +24,6 @@ class UserController @Inject()(
 val authAction: AuthAction
 ) extends BaseController {
- def login(): Action[AnyContent] = {
- Action { implicit request =>
- val session = request.cookies.get("sessionId")
- if (session.isDefined) {
- val possibleUser = sessionManager.getUserBySession(session.get.value)
- if (possibleUser.isDefined) {
- Redirect(routes.MainMenuController.mainMenu())
- } else {
- Ok(views.html.main("Login")(views.html.login.login()))
- }
- } else {
- Ok(views.html.main("Login")(views.html.login.login()))
- }
- }
- }
-
 def login_Post(): Action[AnyContent] = {
 Action { implicit request =>
 val jsonBody = request.body.asJson
@@ -51,12 +38,17 @@ class UserController @Inject()(
 val possibleUser = userManager.authenticate(username.get, password.get)
 if (possibleUser.isDefined) {
 Ok(Json.obj(
- "status" -> "success",
- "redirectUrl" -> routes.MainMenuController.mainMenu().url,
- "content" -> views.html.mainmenu.creategame(possibleUser).toString
- )).withCookies(
- Cookie("sessionId", sessionManager.createSession(possibleUser.get))
- )
+ "user" -> Json.obj(
+ "id" -> possibleUser.get.id,
+ "username" -> possibleUser.get.name
+ )
+ )).withCookies(Cookie(
+ name = "accessToken",
+ value = sessionManager.createSession(possibleUser.get),
+ httpOnly = true,
+ secure = false,
+ sameSite = Some(Lax)
+ ))
 } else {
 Unauthorized("Invalid username or password")
 }
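Review bot: `secure = false` on the new `Cookie(...)` lets the browser send the session token over plain HTTP whenever it has an http:// origin for this host, which undoes much of what `httpOnly = true` and `sameSite = Some(Lax)` buy; derive it from the request, `secure = request.secure`, or from configuration, so a TLS deployment gets a Secure cookie without a code change. The three `possibleUser.get` calls inside the `isDefined` branch read better as `possibleUser.fold(Unauthorized("Invalid username or password")) { user => ... }`, which also removes the partial `.get`. The `"accessToken"` literal is repeated in `AuthAction` and `logoutPost`; a shared constant would keep them aligned. `login_Post` starts and ends outside this hunk.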
@@ -65,14 +57,21 @@ class UserController @Inject()(
 }
 }
 }
+
+ def getUserInfo(): Action[AnyContent] = authAction { implicit request: AuthenticatedRequest[AnyContent] =>
+ val user: User = request.user
+ Ok(Json.obj(
+ "id" -> user.id,
+ "username" -> user.name
+ ))
+ }
- // Pass the request-handling function directly to authAction (no nested Action)
- def logout(): Action[AnyContent] = authAction { implicit request: AuthenticatedRequest[AnyContent] =>
- val sessionCookie = request.cookies.get("sessionId")
+ def logoutPost(): Action[AnyContent] = authAction { implicit request: AuthenticatedRequest[AnyContent] =>
+ val sessionCookie = request.cookies.get("accessToken")
 if (sessionCookie.isDefined) {
 sessionManager.invalidateSession(sessionCookie.get.value)
 }
- Redirect(routes.UserController.login()).discardingCookies(DiscardingCookie("sessionId"))
+ NoContent.discardingCookies(DiscardingCookie("accessToken"))
 }
 }
\ No newline at end of file
diff --git a/knockoutwhistweb/app/logic/user/SessionManager.scala b/knockoutwhistweb/app/logic/user/SessionManager.scala
index 4096ffb..d778b6b 100644
--- a/knockoutwhistweb/app/logic/user/SessionManager.scala
+++ b/knockoutwhistweb/app/logic/user/SessionManager.scala
@@ -9,6 +9,7 @@ trait SessionManager {
 def createSession(user: User): String
+
 def getUserBySession(sessionId: String): Option[User]
 def invalidateSession(sessionId: String): Unit
diff --git a/knockoutwhistweb/app/views/mainmenu/navbar.scala.html b/knockoutwhistweb/app/views/mainmenu/navbar.scala.html
index 6ddc4c0..8a9ab75 100644
--- a/knockoutwhistweb/app/views/mainmenu/navbar.scala.html
+++ b/knockoutwhistweb/app/views/mainmenu/navbar.scala.html
@@ -45,15 +45,9 @@
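Review bot: Because the new `logoutPost` is built on `authAction`, a client whose `accessToken` cookie is stale or already invalidated is answered with 401 by the action filter and never reaches the `discardingCookies` call, so the dead cookie stays in the browser; if logout is meant to always clear it, build the action on a plain `Action` that invalidates the session when the cookie is present and returns `NoContent.discardingCookies(DiscardingCookie("accessToken"))` either way. Inside the body, `if (sessionCookie.isDefined) { ... sessionCookie.get.value }` is `request.cookies.get("accessToken").foreach(c => sessionManager.invalidateSession(c.value))`. In `getUserInfo` the explicit `val user: User` annotation is what forces the new `model.users.User` import; if `request.user` is already typed, both the annotation and the import can go. The class closes at the end of this hunk and the file still lacks a trailing newline.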