diff --git a/app.js b/app.js
index 0d698f6..e3f3bff 100644
--- a/app.js
+++ b/app.js
@@ -13,6 +13,9 @@ var tools = require("./src/Tools.js");
 //load settings
 var settings = require("./src/Settings.js");
 
+//load api handler
+var sessionAPIHandler = require("./src/Session.api.js");
+
 //initialize couch connector
 cradle.setup(settings.couchdb);
 var couch = new(cradle.Connection);
@@ -64,92 +67,7 @@ app.use(function(req, res, next) {
 app.use("/", express.static(__dirname + '/static'));
 
 //API: /session
-app.use("/session", function(req, res) {
-	res.setHeader("Content-Type", "application/json");
-
-	//refresh session and return login status
-	if(req.method == "GET") {
-		if(req.session.data.login == true) {
-			if(new Date() - req.session.data.lastActivity < 5 * 60 * 1000) {
-				req.session.data.lastActivity = new Date();
-			} else {
-				req.session.data.login = false;
-			}
-		}
-		res.send(200, JSON.stringify({
-			"success": true,
-			"login": req.session.data.login
-		}));
-	}
-
-	//check user credentials, update session data
-	if(req.method == "PUT") {
-		//already logged in?
-		if(req.session.data.login == true) {
-			res.send(200, JSON.stringify({
-				"success": false,
-				"error": "You are already logged in!"
-			}));
-			return;
-		}
-
-		var params = req.body;
-		//username or password missing?
-		if(tools.reqParamsGiven(["username", "password"], params) == false) {
-			res.send(200, JSON.stringify({
-				"success": false,
-				"error": "Insufficient parameters given! Need: username, password"
-			}));
-			return;
-		}
-		//check if user exists
-		db.get(params.username, function (err, doc) {
-			if(!err && doc.type == "user") {
-				//user exists, verify password
-				scrypt.verifyHash(user.auth, params.password, function(err, match) {
-					if(err || match == false) {
-						res.send(200, JSON.stringify({
-							"success": false,
-							"error": "Invalid login credentials!"
-						}));
-						return;
-					}
-					if(!err && match == true) {
-						req.session.data.login = true;
-						req.session.data.lastActivity = new Date();
-						res.send(200, JSON.stringify({
-							"success": true
-						}));
-						return;
-					}
-				});
-			} else {
-				//user does not exist.
-				res.send(200, JSON.stringify({
-					"success": false,
-					"error": "Invalid login credentials!"
-				}));
-				return;
-			}
-		});
-	}
-
-	//destroy the session
-	if(req.method == "DELETE") {
-		//only do logout if login exists
-		if(req.session.data.login == false) {
-			res.send(200, JSON.stringify({
-				"success": false,
-				"error": "Cannot log you out, you are not logged in!"
-			}));
-		} else {
-			req.session.data.login = false;
-			res.send(200, JSON.stringify({
-				"success": true
-			}));
-		}
-	}
-});
+app.use("/session", new sessionAPIHandler(db));
 
 //API: /user
 app.use("/user", function(req, res) {
diff --git a/src/Session.api.js b/src/Session.api.js
new file mode 100644
index 0000000..f4f3599
--- /dev/null
+++ b/src/Session.api.js
@@ -0,0 +1,98 @@
+var scrypt = require("scrypt");
+var tools = require("./Tools.js");
+
+var constructor = function(db) {
+	var db = db;
+
+	var handler = function(req, res) {
+		res.setHeader("Content-Type", "application/json");
+
+		//refresh session and return login status
+		if(req.method == "GET") {
+			if(req.session.data.login == true) {
+				if(new Date() - req.session.data.lastActivity < 5 * 60 * 1000) {
+					req.session.data.lastActivity = new Date();
+				} else {
+					req.session.data.login = false;
+				}
+			}
+			res.send(200, JSON.stringify({
+				"success": true,
+				"login": req.session.data.login
+			}));
+		}
+
+		//check user credentials, update session data
+		if(req.method == "PUT") {
+			//already logged in?
+			if(req.session.data.login == true) {
+				res.send(200, JSON.stringify({
+					"success": false,
+					"error": "You are already logged in!"
+				}));
+				return;
+			}
+
+			var params = req.body;
+			//username or password missing?
+			if(tools.reqParamsGiven(["username", "password"], params) == false) {
+				res.send(200, JSON.stringify({
+					"success": false,
+					"error": "Insufficient parameters given! Need: username, password"
+				}));
+				return;
+			}
+			//check if user exists
+			db.get(params.username, function (err, doc) {
+				console.log(["dbgetuser", arguments]);
+				if(!err && doc.type == "user") {
+					//user exists, verify password
+					scrypt.verifyHash(doc.auth, params.password, function(err, match) {
+						if(err || match == false) {
+							res.send(200, JSON.stringify({
+								"success": false,
+								"error": "Invalid login credentials!"
+							}));
+							return;
+						}
+						if(!err && match == true) {
+							req.session.data.login = true;
+							req.session.data.lastActivity = new Date();
+							res.send(200, JSON.stringify({
+								"success": true
+							}));
+							return;
+						}
+					});
+				} else {
+					//user does not exist.
+					res.send(200, JSON.stringify({
+						"success": false,
+						"error": "Invalid login credentials!"
+					}));
+					return;
+				}
+			});
+		}
+
+		//destroy the session
+		if(req.method == "DELETE") {
+			//only do logout if login exists
+			if(req.session.data.login == false) {
+				res.send(200, JSON.stringify({
+					"success": false,
+					"error": "Cannot log you out, you are not logged in!"
+				}));
+			} else {
+				req.session.data.login = false;
+				res.send(200, JSON.stringify({
+					"success": true
+				}));
+			}
+		}
+	};
+
+	return handler;
+};
+
+module.exports = constructor;
\ No newline at end of file