diff --git a/.gitignore b/.gitignore
index 2e379fd8aa6810f8f1c25325d1bb93a04a44de44..58dcef538667d42fd5fcfa3568f4da49eb36af06 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,5 @@ __pycache__/
 builddate.txt
 db/urls.db-journal
 .vscode
+
+db/secretKey.txt
diff --git a/main.py b/main.py
index 268e364e39a135e9269b45900e12059a3b7f41e0..3b0d466d9e4966e64a8fef627b5c0216c53546f6 100644
--- a/main.py
+++ b/main.py
@@ -10,6 +10,10 @@ from io import BytesIO #Needed for base64 encoding of the image
 from PIL import Image #Needed for QR generation
 import json #used for github oauth
 from html import escape #This is used to escape characters, if they are send in the url
+from itsdangerous import URLSafeSerializer #used for signing the cookies
+import random #used for signing the cookies
+import string #used for signing the cookies
+
 app = Flask(__name__)
 
 domain_to_index = {}
@@ -83,6 +87,17 @@ try:
 except:
     cookieNotice = True
 
+try:
+    secretKey = open("db/secretKey.txt", "r").read()
+except:
+    secretKey = ''.join(random.choice(string.ascii_lowercase) for i in range(100)) #If we can't find the secret key(first run) we generate it in this step and write it to a file
+    print("generated secret Key. Key is: " + secretKey)
+    f = open("db/secretKey.txt", "w")
+    f.write(secretKey)
+    f.close()
+    secretKey = open("db/secretKey.txt", "r").read()
+s = URLSafeSerializer(secretKey)
+
 index = 0
 domain_prepared = ""
 for domains in domain: #Make from every domnain a entry for the select box later
@@ -144,7 +159,7 @@ def grecaptcha_verify(request): #This function is used to verify the google reca
 @app.route('/', methods=['GET'])
 def home_get():
     try:
-        loginbar = "Hello " + request.cookies.get('username') + ' (<a href="/user/links" style="color:white">your links</a>, <a href="/user/logout" style="color:white">logout</a>)'
+        loginbar = "Hello " + s.loads(request.cookies.get('username')) + ' (<a href="/user/links" style="color:white">your links</a>, <a href="/user/logout" style="color:white">logout</a>)'
     except:
         loginbar = '<a href="#" onClick="showLogin()" style="color:white">login</a>'
 
@@ -155,8 +170,8 @@ def home_get():
 def home_post():
     
     try:
-        userID = request.cookies.get('userID')
-        loginbar = "Hello " + request.cookies.get('username') + ' (<a href="/user/links" style="color:white">your links</a>, <a href="/user/logout" style="color:white">logout</a>)'
+        userID = s.loads(request.cookies.get('userID'))
+        loginbar = "Hello " + s.loads(request.cookies.get('username')) + ' (<a href="/user/links" style="color:white">your links</a>, <a href="/user/logout" style="color:white">logout</a>)'
     except:
         userID = "null"
         loginbar = '<a href="/user/login" style="color:white">login</a>'
@@ -238,8 +253,8 @@ def authorizeGoogle():
         userID = r.text.split('"id": "')[1].split('"')[0]
         name = r.text.split('"name": "')[1].split('"')[0]
         resp = make_response(redirect('/')) #redirect the user at the end back to the main page
-        resp.set_cookie('userID', "google_" + userID) #set the cookies with username and userid
-        resp.set_cookie('username', name)
+        resp.set_cookie('userID', s.dumps("google_" + userID)) #set the cookies with username and userid
+        resp.set_cookie('username', s.dumps(name))
         return resp
     except:
         return "Authentication failed"
@@ -259,8 +274,8 @@ def authorizeGithub():
         username = str(json.loads(githubResponse)['login'])
 
         resp = make_response(redirect('/')) #redirect the user at the end back to the main page
-        resp.set_cookie('userID', "github_" + userID) #set the cookies with username and userid
-        resp.set_cookie('username', username)
+        resp.set_cookie('userID', s.dumps("github_" + userID)) #set the cookies with username and userid
+        resp.set_cookie('username', s.dumps(username))
         return resp
     except:
         return "Authentication failed"
@@ -275,8 +290,8 @@ def logout():
 @app.route('/user/links')#This function gives the user the posibility to see and delete his links
 def ownLinks():
     try:
-        userID = request.cookies.get('userID') #Get the userid from the cookie
-        loginbar = "Hello " + request.cookies.get('username') + ' (<a href="/user/logout" style="color:white">logout</a>)' #This is the loginbar
+        userID = s.loads(request.cookies.get('userID')) #Get the userid from the cookie
+        loginbar = "Hello " + s.loads(request.cookies.get('username')) + ' (<a href="/user/logout" style="color:white">logout</a>)' #This is the loginbar
     except:
         return redirect("/user/login") #If user is not logged in redirect him to the login page
 
@@ -298,8 +313,8 @@ def ownLinks():
 @app.route('/user/delete') #This function is called if a user deletes an entrie
 def delete():
     try:
-        userID = request.cookies.get('userID') #get the userid from the cookie
-        loginbar = "Hello " + request.cookies.get('username') + ' (<a href="/user/logout" style="color:white">logout</a>)' # generate the login form
+        userID = s.loads(request.cookies.get('userID')) #get the userid from the cookie
+        loginbar = "Hello " + s.loads(request.cookies.get('username')) + ' (<a href="/user/logout" style="color:white">logout</a>)' # generate the login form
     except:
         return redirect("/user/login") # if user is not logged in redirect him to the login page
     linkToDelete = request.args.get('link') #get the link, which the user want's to delete from the parameter in the url.
diff --git a/requirements.txt b/requirements.txt
index 14eff3ce2eadeabd99d264e09c6352b8f64c669e..fd51337fb774602b0b5116679ae5f648531274f6 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,4 +3,5 @@ flask
 qrcode
 requests
 Pillow
-tqdm
\ No newline at end of file
+tqdm
+itsdangerous
\ No newline at end of file