diff --git a/main.py b/main.py
index 268e364e39a135e9269b45900e12059a3b7f41e0..6e42ee0346e7d160b877f367d9257f04251e1d5c 100644
--- a/main.py
+++ b/main.py
@@ -10,6 +10,10 @@ from io import BytesIO #Needed for base64 encoding of the image
 from PIL import Image #Needed for QR generation
 import json #used for github oauth
 from html import escape #This is used to escape characters, if they are send in the url
+from itsdangerous import URLSafeSerializer #used for signing the cookies
+import random #used for signing the cookies
+import string #used for signing the cookies
+
 app = Flask(__name__)
 
 domain_to_index = {}
@@ -83,6 +87,17 @@ try:
 except:
     cookieNotice = True
 
+try:
+    secretKey = open("db/secretKey.txt", "r").read()
+except:
+    secretKey = ''.join(random.choice(string.ascii_lowercase) for i in range(100)) #If we can't find the secret key(first run) we generate it in this step and write it to a file
+    print("generated secret Key. Key is: " + secretKey)
+    f = open("db/secretKey.txt", "w")
+    f.write(secretKey)
+    f.close()
+    secretKey = open("db/secretKey.txt", "r").read()
+s = URLSafeSerializer(secretKey)
+
 index = 0
 domain_prepared = ""
 for domains in domain: #Make from every domnain a entry for the select box later
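Review bot: The signing key is built with `random.choice` over lowercase letters, and `random` is not a cryptographic generator, so the key protecting every login cookie is weaker and more predictable than it looks; `secrets.token_urlsafe(64)` is the standard-library replacement. The `print` on the next line writes the key to stdout, where it ends up in whatever log collects the process output. The key file is created with the default mode, and the bare `except:` treats every read error as "first run". The sketch below needs `import secrets` in place of the `random`/`string` imports added in the first hunk, and `os` if the file does not already import it.

```python
try:
    with open("db/secretKey.txt", "r") as f:
        secretKey = f.read()
except FileNotFoundError:
    # First run: take the signing key from the OS CSPRNG and keep it out of the logs
    secretKey = secrets.token_urlsafe(64)
    # O_EXCL avoids overwriting a key another process just created; 0o600 keeps it owner-only
    fd = os.open("db/secretKey.txt", os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(secretKey)
s = URLSafeSerializer(secretKey)
```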
@@ -144,7 +159,7 @@ def grecaptcha_verify(request): #This function is used to verify the google reca
 @app.route('/', methods=['GET'])
 def home_get():
     try:
-        loginbar = "Hello " + request.cookies.get('username') + ' (<a href="/user/links" style="color:white">your links</a>, <a href="/user/logout" style="color:white">logout</a>)'
+        loginbar = "Hello " + s.loads(request.cookies.get('username')) + ' (<a href="/user/links" style="color:white">your links</a>, <a href="/user/logout" style="color:white">logout</a>)'
     except:
         loginbar = '<a href="#" onClick="showLogin()" style="color:white">login</a>'
 
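Review bot: The verified username is concatenated into the `loginbar` HTML without escaping. The signature only proves this server issued the cookie, not that the name (which comes from the identity provider profile) is safe markup. `escape` is already imported at the top of the file, so `"Hello " + escape(s.loads(request.cookies.get('username'))) + ...` would cover it if the template renders `loginbar` unescaped, which is not visible here. The same pattern appears in the `home_post`, `ownLinks` and `delete` hunks. The bare `except:` also swallows `itsdangerous.BadSignature`, so a tampered cookie looks the same as a missing one; handling it separately would allow it to be logged. The body of `home_get` continues outside this hunk.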
@@ -155,8 +170,8 @@ def home_get():
 def home_post():
     
     try:
-        userID = request.cookies.get('userID')
-        loginbar = "Hello " + request.cookies.get('username') + ' (<a href="/user/links" style="color:white">your links</a>, <a href="/user/logout" style="color:white">logout</a>)'
+        userID = s.loads(request.cookies.get('userID'))
+        loginbar = "Hello " + s.loads(request.cookies.get('username')) + ' (<a href="/user/links" style="color:white">your links</a>, <a href="/user/logout" style="color:white">logout</a>)'
     except:
         userID = "null"
         loginbar = '<a href="/user/login" style="color:white">login</a>'
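Review bot: `userID` and `username` are verified with the same serializer `s` and no salt, so the signature does not bind a value to the cookie it was issued for. A correctly signed `username` value would therefore also pass `s.loads` when presented as `userID`, and the display name is user-chosen at the provider. Use a distinct salt per cookie, e.g. `URLSafeSerializer(secretKey, salt='userID')` and `URLSafeSerializer(secretKey, salt='username')`, or sign a single payload such as `s.dumps({'id': ..., 'name': ...})`. `URLSafeSerializer` tokens also never expire; `URLSafeTimedSerializer` with `max_age` on `loads` would bound the lifetime of a leaked cookie.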
@@ -238,8 +253,8 @@ def authorizeGoogle():
         userID = r.text.split('"id": "')[1].split('"')[0]
         name = r.text.split('"name": "')[1].split('"')[0]
         resp = make_response(redirect('/')) #redirect the user at the end back to the main page
-        resp.set_cookie('userID', "google_" + userID) #set the cookies with username and userid
-        resp.set_cookie('username', name)
+        resp.dumps('userID', s.sign("google_" + userID)) #set the cookies with username and userid
+        resp.dumps('username', s.sign(name))
         return resp
     except:
         return "Authentication failed"
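Review bot: `resp.dumps(...)` is not a method of a Flask response, and `URLSafeSerializer` has `dumps`/`loads` but no `sign`, so both added lines raise. The surrounding bare `except:` turns that into "Authentication failed" for every Google login. The intended calls look like `resp.set_cookie('userID', s.dumps("google_" + userID))` and `resp.set_cookie('username', s.dumps(name))`. Since these cookies are now the session credential, also pass `httponly=True, secure=True, samesite='Lax'` to `set_cookie`. The start of `authorizeGoogle` is outside this hunk.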
@@ -247,23 +262,20 @@ def authorizeGoogle():
 
 @app.route('/user/github-callback') #Github redirects to this link after the user authenticated. Then we use the Token we get from github and request via the github api the username and the userid
 def authorizeGithub():
-    try:
-        code = request.args.get("code")
-        url = "https://github.com/login/oauth/access_token" #The baseurl
-        params = {'client_id': GITHUB_CLIENT_ID, 'client_secret': GITHUB_CLIENT_SECRET, 'code': code} #As paramtere we send the client id and the client secret which we get from github when registering an application and the user code from before
-        oauth_token = post(url,params).text.split("access_token=")[1].split("&")[0] #Send a post request with the parameters from
-
-        headers = {'Authorization': 'token ' + oauth_token,} #Useragent doesn't matters, but is set here
-        githubResponse = get("https://api.github.com/user", headers=headers).text
-        userID = str(json.loads(githubResponse)['id'])
-        username = str(json.loads(githubResponse)['login'])
-
-        resp = make_response(redirect('/')) #redirect the user at the end back to the main page
-        resp.set_cookie('userID', "github_" + userID) #set the cookies with username and userid
-        resp.set_cookie('username', username)
-        return resp
-    except:
-        return "Authentication failed"
+    code = request.args.get("code")
+    url = "https://github.com/login/oauth/access_token" #The baseurl
+    params = {'client_id': GITHUB_CLIENT_ID, 'client_secret': GITHUB_CLIENT_SECRET, 'code': code} #As paramtere we send the client id and the client secret which we get from github when registering an application and the user code from before
+    oauth_token = post(url,params).text.split("access_token=")[1].split("&")[0] #Send a post request with the parameters from
+
+    headers = {'Authorization': 'token ' + oauth_token,} #Useragent doesn't matters, but is set here
+    githubResponse = get("https://api.github.com/user", headers=headers).text
+    userID = str(json.loads(githubResponse)['id'])
+    username = str(json.loads(githubResponse)['login'])
+
+    resp = make_response(redirect('/')) #redirect the user at the end back to the main page
+    resp.dumps('userID', s.dumps("github_" + userID)) #set the cookies with username and userid
+    resp.dumps('username', s.dumps(username))
+    return resp
     
 @app.route('/user/logout')
 def logout():
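Review bot: `resp.dumps('userID', ...)` and `resp.dumps('username', ...)` in `authorizeGithub` call a method the response object does not have, and with the `try/except` removed every GitHub login now ends in an unhandled exception. The lines should be `resp.set_cookie('userID', s.dumps("github_" + userID))` and `resp.set_cookie('username', s.dumps(username))`, with `httponly=True, secure=True, samesite='Lax'`. Removing the handler also means a missing `code` or a response without `access_token=` raises `IndexError` into the framework's error page, which may include a traceback if debug mode is on. Catch the specific failures (`IndexError`, `KeyError`, `json.JSONDecodeError`, request errors) and return the previous "Authentication failed" response.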
@@ -275,8 +287,8 @@ def logout():
 @app.route('/user/links')#This function gives the user the posibility to see and delete his links
 def ownLinks():
     try:
-        userID = request.cookies.get('userID') #Get the userid from the cookie
-        loginbar = "Hello " + request.cookies.get('username') + ' (<a href="/user/logout" style="color:white">logout</a>)' #This is the loginbar
+        userID = s.loads(request.cookies.get('userID')) #Get the userid from the cookie
+        loginbar = "Hello " + s.loads(request.cookies.get('username')) + ' (<a href="/user/logout" style="color:white">logout</a>)' #This is the loginbar
     except:
         return redirect("/user/login") #If user is not logged in redirect him to the login page
 
@@ -298,8 +310,8 @@ def ownLinks():
 @app.route('/user/delete') #This function is called if a user deletes an entrie
 def delete():
     try:
-        userID = request.cookies.get('userID') #get the userid from the cookie
-        loginbar = "Hello " + request.cookies.get('username') + ' (<a href="/user/logout" style="color:white">logout</a>)' # generate the login form
+        userID = s.loads(request.cookies.get('userID')) #get the userid from the cookie
+        loginbar = "Hello " + s.loads(request.cookies.get('username')) + ' (<a href="/user/logout" style="color:white">logout</a>)' # generate the login form
     except:
         return redirect("/user/login") # if user is not logged in redirect him to the login page
     linkToDelete = request.args.get('link') #get the link, which the user want's to delete from the parameter in the url.
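Review bot: `/user/delete` is registered without `methods`, so it answers GET, and the target is read from `request.args.get('link')`. With the signed cookie as the only credential, a cross-site request to this URL would carry it. If the rest of `delete` (outside this hunk) removes the link directly, consider `@app.route('/user/delete', methods=['POST'])` with a CSRF token, and set `samesite='Lax'` on the login cookies.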