diff --git a/modules/api/api.js b/modules/api/api.js index e7a6259..299b0d2 100644 --- a/modules/api/api.js +++ b/modules/api/api.js @@ -22,7 +22,6 @@ const express = require('express') const bodyParser = require('body-parser') const busboy = require('connect-busboy') const cookieParser = require('cookie-parser') -const session = require('express-session') const uuidv4 = require('uuid/v4') // TODO: deprecated, but imports are not supported const fs = require('fs') const app = express() @@ -70,29 +69,8 @@ function CreateDB () { } CreateDB() -// TODO: https and testing -// var app = express() -// var sess = { -// secret: 'keyboard cat', -// cookie: {} -// } -// -// if (app.get('env') === 'production') { -// app.set('trust proxy', 1) // trust first proxy -// sess.cookie.secure = true // serve secure cookies -// } -// -// app.use(session(sess)) - const cookieSecret = uuidv4() -app.use(session({ - secret: cookieSecret, - resave: false, - saveUninitialized: true -})) -app.use(cookieParser({ - secret: cookieSecret -})) +app.use(cookieParser(cookieSecret)) app.use(bodyParser.urlencoded({ limit: '10mb', extended: true @@ -157,10 +135,6 @@ app.post('/login', (req, res) => { if (user) { const sessionID = uuidv4() - // Setting session - req.session.user = user - req.session.sessionID = sessionID - // FIXME: Users now can only log in in one session, this might be too strict. const existingSessions = dbtools.Select(authDB, 'sessions', { userID: user.id @@ -207,12 +181,6 @@ app.post('/login', (req, res) => { app.post('/logout', (req, res) => { logger.LogReq(req) const sessionID = req.cookies.sessionID - const userID = req.session.user.id - - // destroying session - req.session.destroy(function () { - logger.Log(`User ${userID} logout`, logger.GetColor('cyan')) - }) // removing session from db dbtools.Delete(authDB, 'sessions', { diff --git a/modules/api/auth.middleware.js b/modules/api/auth.middleware.js index cb152a7..29fe2b9 100644 --- a/modules/api/auth.middleware.js 
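Review bot: In the `@@ -70,29 +69,8 @@` hunk of api.js, `app.use(cookieParser(cookieSecret))` only affects cookies that are written with `signed: true` and read from `req.signedCookies`, yet the code on this page reads `req.cookies.sessionID` (the logout handler here and the first hunk of auth.middleware.js), so the secret apparently does nothing for the session cookie. If integrity protection is intended, read `req.signedCookies.sessionID` and set the cookie with options such as `{ signed: true, httpOnly: true, sameSite: 'lax' }`. The call that sets the cookie is outside the visible hunks, so check what flags it passes today; if it sets none, the cookie lacks `httpOnly` now that it is the only credential. Since `cookieSecret` is a fresh `uuidv4()` per process, signed cookies would stop verifying after a restart or across several workers, which is worth a comment like `// per-process secret: signed cookies do not survive a restart`.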
+++ b/modules/api/auth.middleware.js @@ -10,7 +10,7 @@ module.exports = function (options) { const { authDB } = options return function (req, res, next) { - const sessionID = req.cookies.sessionID || req.session.id + const sessionID = req.cookies.sessionID const isException = exceptions.some((exc) => { return req.url === exc }) @@ -21,8 +21,7 @@ module.exports = function (options) { return } - const user = req.session.user || GetUserBySessionID(authDB, sessionID, req) - console.log(req.session) + const user = GetUserBySessionID(authDB, sessionID, req) // update 'sessiosn' table 'lastAccess' stuff if (sessionID) { @@ -70,8 +69,6 @@ function GetUserBySessionID (db, sessionID, req) { })[0] if (user) { - req.session.user = user - req.session.id = sessionID return user } } diff --git a/package.json b/package.json index 449ef88..04b532c 100755 --- a/package.json +++ b/package.json @@ -9,7 +9,6 @@ "ejs": "^1.0.0", "express": "^4.6.1", "express-ejs-layouts": "^1.1.0", - "express-session": "^1.17.0", "sqlite3": "^4.1.1", "uuid": "^7.0.3", "vhost": "^3.0.2"
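Review bot: In the `@@ -21,8 +21,7 @@` hunk of auth.middleware.js, `sessionID` can now be `undefined` for any request without the cookie, because the `req.session.id` fallback is gone, but `GetUserBySessionID(authDB, sessionID, req)` is still called before the `if (sessionID)` guard that follows it. How `dbtools.Select` treats an undefined filter value is not visible on this page, so the lookup should be guarded explicitly: `const user = sessionID ? GetUserBySessionID(authDB, sessionID, req) : undefined`. After the last hunk of this file the `req` parameter of `GetUserBySessionID` looks unused and could be dropped, though the start of that function is outside the hunk. The middleware body also continues past this hunk, so the handling of a missing `user` should be checked there.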