diff --git a/Cargo.lock b/Cargo.lock
index 93ee898..e58f6e5 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -38,6 +38,20 @@ dependencies = [
  "cpufeatures",
 ]
 
+[[package]]
+name = "aes-gcm"
+version = "0.10.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "831010a0f742e1209b3bcea8fab6a8e149051ba6099432c8cb2cc117dec3ead1"
+dependencies = [
+ "aead",
+ "aes",
+ "cipher",
+ "ctr",
+ "ghash",
+ "subtle",
+]
+
 [[package]]
 name = "aes-gcm-siv"
 version = "0.11.1"
@@ -109,11 +123,15 @@ name = "anyhow"
 version = "1.0.86"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b3d1d046238990b9cf5bcde22a3fb3584ee5cf65fb2765f454ed428c7a0063da"
+dependencies = [
+ "backtrace",
+]
 
 [[package]]
 name = "app"
 version = "0.1.0"
 dependencies = [
+ "anyhow",
  "base64 0.22.1",
  "bincode",
  "cfg-if",
@@ -353,6 +371,15 @@ dependencies = [
  "constant_time_eq",
 ]
 
+[[package]]
+name = "block-buffer"
+version = "0.10.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71"
+dependencies = [
+ "generic-array",
+]
+
 [[package]]
 name = "brotli"
 version = "6.0.0"
@@ -536,7 +563,14 @@ version = "0.18.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4ddef33a339a91ea89fb53151bd0a4689cfce27055c291dfa69945475d22c747"
 dependencies = [
+ "aes-gcm",
+ "base64 0.22.1",
+ "hkdf",
+ "hmac",
  "percent-encoding",
+ "rand",
+ "sha2",
+ "subtle",
  "time",
  "version_check",
 ]
@@ -686,6 +720,17 @@ dependencies = [
  "syn",
 ]
 
+[[package]]
+name = "digest"
+version = "0.10.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
+dependencies = [
+ "block-buffer",
+ "crypto-common",
+ "subtle",
+]
+
 [[package]]
 name = "drain_filter_polyfill"
 version = "0.1.3"
@@ -947,6 +992,16 @@ dependencies = [
  "wasm-bindgen",
 ]
 
+[[package]]
+name = "ghash"
+version = "0.5.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f0d8a4362ccb29cb0b265253fb0a2728f592895ee6854fd9bc13f2ffda266ff1"
+dependencies = [
+ "opaque-debug",
+ "polyval",
+]
+
 [[package]]
 name = "gimli"
 version = "0.29.0"
@@ -1046,6 +1101,24 @@ version = "0.3.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024"
 
+[[package]]
+name = "hkdf"
+version = "0.12.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7"
+dependencies = [
+ "hmac",
+]
+
+[[package]]
+name = "hmac"
+version = "0.12.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e"
+dependencies = [
+ "digest",
+]
+
 [[package]]
 name = "html-escape"
 version = "0.2.13"
@@ -2491,6 +2564,7 @@ version = "0.1.0"
 dependencies = [
  "app",
  "axum",
+ "cookie",
  "leptos",
  "leptos_axum",
  "qbittorrent-rs",
@@ -2561,6 +2635,17 @@ dependencies = [
  "syn",
 ]
 
+[[package]]
+name = "sha2"
+version = "0.10.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8"
+dependencies = [
+ "cfg-if",
+ "cpufeatures",
+ "digest",
+]
+
 [[package]]
 name = "sharded-slab"
 version = "0.1.7"
diff --git a/app/Cargo.toml b/app/Cargo.toml
index b79fde6..f3e7e78 100644
--- a/app/Cargo.toml
+++ b/app/Cargo.toml
@@ -26,6 +26,7 @@ qbittorrent-rs-proto = { path = "../qbittorrent_rs_proto" }
 simple_crypt = { version = "0.2.3", optional = true }
 bincode      = { version = "1.3.3", optional = true }
 base64       = { version = "0.22.1", optional = true }
+anyhow.workspace = true
 
 [features]
 default = []
diff --git a/app/src/auth.rs b/app/src/auth.rs
index 5652df9..ebdeb61 100644
--- a/app/src/auth.rs
+++ b/app/src/auth.rs
@@ -8,12 +8,30 @@ pub mod ssr {
     use qbittorrent_rs::QbtClient;
     use serde::{Deserialize, Serialize};
 
+    pub static AUTH_COOKIE: &str = "bt-session";
+    pub static REMOVE_COOKIE: &str = "bt-session=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT";
+
     pub fn use_qbt() -> Result<QbtClient, ServerFnError> {
         use_context::<QbtClient>()
             .ok_or_else(|| ServerFnError::ServerError("Qbt client missing.".into()))
     }
 
-    #[derive(Serialize, Deserialize, PartialEq, Debug)]
+    pub fn auth() -> Result<Option<Session>, ServerFnError> {
+        let session = use_context::<Session>();
+        Ok(session)
+    }
+
+    #[derive(Serialize, Deserialize, PartialEq, Debug, Clone)]
+    pub struct AuthSession {
+        pub session: Option<Session>,
+    }
+    impl AuthSession {
+        pub fn new(session: Option<Session>) -> Self {
+            Self { session }
+        }
+    }
+
+    #[derive(Serialize, Deserialize, PartialEq, Debug, Clone)]
     pub struct Session {
         sid: String,
     }
@@ -23,7 +41,7 @@ pub mod ssr {
         }
     }
 
-    #[tracing::instrument]
+    #[tracing::instrument(skip_all)]
     pub fn set_session(session: Session) -> Result<(), ServerFnError> {
         if let Some(res) = leptos::context::use_context::<leptos_axum::ResponseOptions>() {
             let encoded: Vec<u8> = bincode::serialize(&session).unwrap();
@@ -40,21 +58,12 @@ pub mod ssr {
         }
     }
 
-    #[tracing::instrument]
-    pub fn get_session(session: Session) -> Result<(), ServerFnError> {
-        if let Some(res) = leptos::context::use_context::<leptos_axum::ResponseOptions>() {
-            let encoded: Vec<u8> = bincode::serialize(&session).unwrap();
-            let value = simple_crypt::encrypt(&encoded, b"test-password-please-ignore").unwrap();
-            let value = base64::prelude::BASE64_STANDARD.encode(value);
-            res.insert_header(
-                header::SET_COOKIE,
-                header::HeaderValue::from_str(&format!("bt-session={value}; path=/; HttpOnly"))
-                    .expect("header value couldn't be set"),
-            );
-            Ok(())
-        } else {
-            Err(ServerFnError::ServerError("No ".to_string()))
-        }
+    #[tracing::instrument(skip_all)]
+    pub fn get_session(sealed_token: String) -> Result<Session, anyhow::Error> {
+        let sealed_bytes = base64::prelude::BASE64_STANDARD.decode(sealed_token)?;
+        let encoded = simple_crypt::decrypt(&sealed_bytes, b"test-password-please-ignore").unwrap();
+        let session: Session = bincode::deserialize(&encoded).unwrap();
+        Ok(session)
     }
 }
 
@@ -70,3 +79,10 @@ pub async fn login(username: String, password: String) -> Result<(), ServerFnErr
 
     Ok(())
 }
+
+#[server]
+pub async fn has_auth() -> Result<bool, ServerFnError> {
+    let auth = self::ssr::auth()?;
+
+    Ok(auth.is_some())
+}
diff --git a/app/src/lib.rs b/app/src/lib.rs
index 98391f3..6c27160 100644
--- a/app/src/lib.rs
+++ b/app/src/lib.rs
@@ -1,9 +1,10 @@
-mod auth;
+pub mod auth;
 mod routes;
 
 use crate::error_template::{AppError, ErrorTemplate};
 
-use leptos::prelude::*;
+use auth::{has_auth, Login};
+use leptos::{either::Either, prelude::*};
 use leptos_meta::*;
 use leptos_router::{components::*, StaticSegment};
 
@@ -22,7 +23,7 @@ pub fn shell(options: LeptosOptions) -> impl IntoView {
                 <HydrationScripts options/>
                 <MetaTags />
             </head>
-            <body class="bg-white text-slate-950 dark:bg-slate-950 dark:text-white">
+            <body class="bg-background text-foreground ">
                 <App />
             </body>
         </html>
@@ -34,6 +35,10 @@ pub fn App() -> impl IntoView {
     // Provides context that manages stylesheets, titles, meta tags, etc.
     provide_meta_context();
 
+    let login = ServerAction::<Login>::new();
+    let is_auth = Resource::new(move || login.version(), move |_| has_auth());
+    let auth = Signal::derive(move || is_auth.get().map(|v| v.unwrap_or(false)).unwrap_or(false));
+
     view! {
         <Stylesheet id="leptos" href="/pkg/bittower.css"/>
 
@@ -43,16 +48,19 @@ pub fn App() -> impl IntoView {
         // content for this welcome page
         <Router>
             <Navbar>
-                <NavbarBrand>"bit-tower"</NavbarBrand>
+                <NavbarBrand class="font-display">"bit-tower"</NavbarBrand>
+                <ul class="p-2 font-cubic">
+                    <A href="/login">login</A>
+                </ul>
             </Navbar>
-            <main class="pt-9">
+            <main class="pt-9 bg-background">
                 <FlatRoutes fallback=|| {
 
             let mut outside_errors = Errors::default();
             outside_errors.insert_with_default_key(AppError::NotFound);
             view! { <ErrorTemplate outside_errors/> }.into_view()
         }>
-                    <Route path=StaticSegment("") view=HomePage/>
+                    <Route path=StaticSegment("") view=move || view! { <HomePage is_auth=auth action=login /> } />
                 </FlatRoutes>
             </main>
         </Router>
@@ -61,13 +69,39 @@ pub fn App() -> impl IntoView {
 
 /// Renders the home page of your application.
 #[component]
-fn HomePage() -> impl IntoView {
-    // Creates a reactive value to update the button
-    let (count, set_count) = signal(0);
-    let on_click = move |_| set_count.update(|count| *count += 1);
+fn HomePage(is_auth: Signal<bool>, action: ServerAction<Login>) -> impl IntoView {
+    let res = move || {
+        if is_auth() {
+            Either::Left(view! {
+                <div>"Hello"</div>
+            })
+        } else {
+            Either::Right(view! {
+                <ActionForm action=action>
+                    <h1>"Log In"</h1>
+                    <label>
+                        "User ID:"
+                        <input
+                            type="text"
+                            placeholder="User ID"
+                            maxlength="32"
+                            name="username"
+                            class="auth-input"
+                        />
+                    </label>
+                    <label>
+                        "Password:"
+                        <input type="password" placeholder="Password" name="password" class="auth-input"/>
+                    </label>
+                    <button type="submit" class="button">
+                        "Log In"
+                    </button>
+                </ActionForm>
+            })
+        }
+    };
 
     view! {
-        <h1 class="font-bold">"Welcome to Leptos!"</h1>
-        <button on:click=on_click>"Click Me: " {count}</button>
+       <div>{res()}</div>
     }
 }
diff --git a/fnord_ui/src/components/navbar.rs b/fnord_ui/src/components/navbar.rs
index 2cd9add..3ed5fd7 100644
--- a/fnord_ui/src/components/navbar.rs
+++ b/fnord_ui/src/components/navbar.rs
@@ -1,18 +1,19 @@
 use leptos::prelude::*;
+use tailwind_fuse::tw_merge;
 
 #[component]
-pub fn Navbar(children: Children) -> impl IntoView {
+pub fn Navbar(#[prop(optional, into)] class: String, children: Children) -> impl IntoView {
     view! {
-        <nav class="fixed top-0 left-0 right-0 h-9 bg-background-highlight">
+        <nav class=tw_merge!("fixed top-0 left-0 right-0 h-9 bg-background_highlight flex flex-row justify-between items-center", class)>
         {children()}
         </nav>
     }
 }
 
 #[component]
-pub fn NavbarBrand(children: Children) -> impl IntoView {
+pub fn NavbarBrand(#[prop(optional, into)] class: String, children: Children) -> impl IntoView {
     view! {
-        <div class="fixed top-0 left-0 right-0 h-9 bg-background-highlight">
+        <div class=tw_merge!(" p-2 ", class)>
         {children()}
         </div>
     }
diff --git a/qbittorrent_rs/src/lib.rs b/qbittorrent_rs/src/lib.rs
index efcca65..fc501a4 100644
--- a/qbittorrent_rs/src/lib.rs
+++ b/qbittorrent_rs/src/lib.rs
@@ -46,16 +46,22 @@ impl QbtClient {
 
     #[tracing::instrument]
     pub async fn auth_login(&self, username: String, password: String) -> Result<String, QbtError> {
-        let url = format!("{}{}{}", self.base_url, TORRENTS_API, INFO_API);
+        tracing::info!("Going to do login");
+        let url = format!("{}/auth/login", self.base_url);
         let client = reqwest::Client::builder().build()?;
 
         let params = [("username", username), ("password", password)];
         let response = client.post(url).form(&params).send().await?;
+        let cookies: Vec<_> = response.cookies().collect();
+        let status = response.status();
 
-        let Some(sid) = response.cookies().find(|c| c.name() == "SID") else {
+        tracing::info!(cookies = ?cookies, status = ?status);
+
+        let Some(sid) = cookies.into_iter().find(|c| c.name() == "SID") else {
             return Err(QbtError::Unauthenticated);
         };
 
+        tracing::info!("Login success");
         Ok(sid.value().to_owned())
     }
 
diff --git a/server/Cargo.toml b/server/Cargo.toml
index 51719ec..c2fb4ae 100644
--- a/server/Cargo.toml
+++ b/server/Cargo.toml
@@ -17,3 +17,4 @@ axum.workspace = true
 tokio.workspace = true
 tower.workspace = true
 tower-http.workspace = true
+cookie = { version = "0.18.1", features = ["secure"] }
diff --git a/server/src/main.rs b/server/src/main.rs
index c92b7f3..11e9536 100644
--- a/server/src/main.rs
+++ b/server/src/main.rs
@@ -1,11 +1,13 @@
 use app::*;
+use auth::ssr::{AuthSession, Session, AUTH_COOKIE};
 use axum::{
     body::Body,
     extract::{FromRef, Path, Request, State},
-    http::header::CONTENT_TYPE,
-    response::IntoResponse,
+    http::header::{self, CONTENT_TYPE},
+    middleware::{self, Next},
+    response::{IntoResponse, Response},
     routing::{get, post},
-    Router, ServiceExt,
+    Extension, Router, ServiceExt,
 };
 use fileserv::file_and_error_handler;
 use leptos::prelude::*;
@@ -35,7 +37,7 @@ async fn main() {
     let leptos_options = conf.leptos_options;
     let addr = leptos_options.site_addr;
 
-    let qbt = QbtClient::new("http://localhost:9090");
+    let qbt = QbtClient::new("http://localhost:9090/api/v2");
     let qbt_routes = qbt.clone();
 
     let (routes, _static_data_map) =
@@ -57,6 +59,7 @@ async fn main() {
         )
         .leptos_routes_with_handler(routes, get(leptos_routes_handler))
         .fallback(file_and_error_handler)
+        .layer(middleware::from_fn(session_middleware))
         .with_state(app_state);
 
     // run our app with hyper
@@ -68,9 +71,38 @@ async fn main() {
         .unwrap();
 }
 
+async fn session_middleware(mut request: Request, next: Next) -> Response {
+    let res = request
+        .headers()
+        .get_all(header::COOKIE)
+        .into_iter()
+        .find_map(|x| {
+            let cs = cookie::Cookie::split_parse(x.to_str().unwrap());
+            let token = cs
+                .into_iter()
+                .find(|c| match c {
+                    Ok(c) => c.name() == AUTH_COOKIE,
+                    _ => false,
+                })
+                .map(|c| c.unwrap().value().to_string());
+            token
+        });
+    request.extensions_mut().insert(AuthSession::new(None));
+    if let Some(sealed_token) = res {
+        let session = app::auth::ssr::get_session(sealed_token).ok();
+        if let Some(session) = session {
+            request
+                .extensions_mut()
+                .insert(AuthSession::new(Some(session)));
+        }
+    }
+    next.run(request).await
+}
+
 /// Creates an axum handler to inject context into server functions.
 async fn server_fn_handler(
     State(app_state): State<AppState>,
+    Extension(auth_session): Extension<AuthSession>,
     path: Path<String>,
     request: Request<Body>,
 ) -> impl IntoResponse {
@@ -78,6 +110,9 @@ async fn server_fn_handler(
     handle_server_fns_with_context(
         move || {
             provide_context::<QbtClient>(app_state.qbt.clone());
+            if let Some(session) = &auth_session.session {
+                provide_context::<Session>(session.clone());
+            }
         },
         request,
     )
@@ -86,11 +121,15 @@ async fn server_fn_handler(
 
 pub async fn leptos_routes_handler(
     State(app_state): State<AppState>,
+    Extension(auth_session): Extension<AuthSession>,
     request: Request<Body>,
 ) -> axum::response::Response {
     let handler = leptos_axum::render_app_to_stream_with_context(
         move || {
             provide_context::<QbtClient>(app_state.qbt.clone());
+            if let Some(session) = &auth_session.session {
+                provide_context::<Session>(session.clone());
+            }
         },
         {
             let leptos_options = app_state.leptos_options.clone();
diff --git a/style/tailwind.css b/style/tailwind.css
index 65618aa..7ef8b1a 100644
--- a/style/tailwind.css
+++ b/style/tailwind.css
@@ -92,8 +92,10 @@ html, body {
 
 @layer base {
   :root {
-    --background: 0 0% 100%;
-    --foreground: 222.2 47.4% 11.2%;
+    --background: 230 11% 89%;
+    --background-dark: 226, 44%, 80%; 
+    --background-highlight: 229, 23%, 81%;
+    --foreground: 222 55% 48%;
  
     --muted: 210 40% 96.1%;
     --muted-foreground: 215.4 16.3% 46.9%;
diff --git a/tailwind.config.js b/tailwind.config.js
index 929e42e..a6cb340 100644
--- a/tailwind.config.js
+++ b/tailwind.config.js
@@ -20,6 +20,8 @@ module.exports = {
         input: "hsl(var(--input))",
         ring: "hsl(var(--ring))",
         background: "hsl(var(--background))",
+        background_highlight: "hsl(var(--background-highlight))",
+        background_dark: "hsl(var(--background-dark))",
         foreground: "hsl(var(--foreground))",
         primary: {
           DEFAULT: "hsl(var(--primary))",
@@ -54,4 +56,3 @@ module.exports = {
   },
   plugins: [],
 };
-