diff --git a/app/main/controller/accesscontroller.php b/app/main/controller/accesscontroller.php
index 50c1cc28..ef6d8174 100644
--- a/app/main/controller/accesscontroller.php
+++ b/app/main/controller/accesscontroller.php
@@ -20,15 +20,16 @@ class AccessController extends Controller {
      * @param $f3
      */
     function beforeroute($f3) {
+        parent::beforeroute($f3);
 
+        // Any CMS route of a child class of this one, requires a
+        // valid logged in user!
         $loginCheck = $this->_checkLogIn();
 
         if( !$loginCheck ){
             // no user found or LogIn timer expired
             $this->logOut($f3);
         }
-
-        parent::beforeroute($f3);
     }
 
     /**
diff --git a/app/main/controller/api/user.php b/app/main/controller/api/user.php
index b1700700..9a47a397 100644
--- a/app/main/controller/api/user.php
+++ b/app/main/controller/api/user.php
@@ -21,7 +21,6 @@ class User extends Controller\Controller{
      */
     private static $captchaReason = ['createAccount', 'deleteAccount'];
 
-
     /**
      * login function
      * @param $f3
diff --git a/app/main/controller/controller.php b/app/main/controller/controller.php
index a38f2f8c..aebff018 100644
--- a/app/main/controller/controller.php
+++ b/app/main/controller/controller.php
@@ -45,6 +45,9 @@ class Controller {
      */
     function beforeroute($f3) {
 
+        // init user session
+        $this->initSession();
+
         // check if user is in game
         $f3->set('isIngame', self::isIGB() );
 
@@ -71,6 +74,14 @@ class Controller {
         return DB\Database::instance()->getDB($database);
     }
 
+    /**
+     * init new Session handler
+     */
+    protected function initSession(){
+        // init DB Session (not file based)
+        new \DB\SQL\Session($this->getDB('PF'));
+    }
+
     /**
      * get current user model
      * @param int $ttl