diff --git a/cmd/rdpgw/api/web.go b/cmd/rdpgw/api/web.go
index e7ccd84cb526ce78f07c0ee7e08f1febaf4d5537..ac804e23b134662046bde4b5976dabae2c7b05f7 100644
--- a/cmd/rdpgw/api/web.go
+++ b/cmd/rdpgw/api/web.go
@@ -13,6 +13,7 @@ import (
 	"log"
 	"math/rand"
 	"net/http"
+	"os"
 	"strconv"
 	"strings"
 	"time"
@@ -29,11 +30,12 @@ type UserTokenGeneratorFunc func(context.Context, string) (string, error)
 type Config struct {
 	SessionKey           []byte
 	SessionEncryptionKey []byte
+	SessionStore		 string
 	PAATokenGenerator    TokenGeneratorFunc
 	UserTokenGenerator   UserTokenGeneratorFunc
 	EnableUserToken      bool
 	OAuth2Config         *oauth2.Config
-	store                *sessions.CookieStore
+	store                sessions.Store
 	OIDCTokenVerifier    *oidc.IDTokenVerifier
 	stateStore           *cache.Cache
 	Hosts                []string
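Review bot: `SessionStore` is a free-form string whose accepted values are not stated anywhere in the struct; a field comment such as `// SessionStore selects the session backend: "file" for server-side files, any other value for cookies.` would spare readers from hunting through NewApi. The new line is also aligned with tabs followed by a space, so the file is no longer gofmt-clean; running gofmt fixes it. With `store` now typed as the `sessions.Store` interface, cookie-specific settings are no longer reachable without a type assertion, which is worth a short comment on that field. The struct continues outside the hunk.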
@@ -53,7 +55,13 @@ func (c *Config) NewApi() {
 	if len(c.Hosts) < 1 {
 		log.Fatal("Not enough hosts to connect to specified")
 	}
-	c.store = sessions.NewCookieStore(c.SessionKey, c.SessionEncryptionKey)
+	if c.SessionStore == "file" {
+		log.Println("Filesystem is used as session storage")
+		c.store = sessions.NewFilesystemStore(os.TempDir(), c.SessionKey, c.SessionEncryptionKey)
+	} else {
+		log.Println("Cookies are used as session storage")
+		c.store = sessions.NewCookieStore(c.SessionKey, c.SessionEncryptionKey)
+	}
 	c.stateStore = cache.New(time.Minute*2, 5*time.Minute)
 }
 
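Review bot: The file-backed store in the `"file"` branch is rooted at `os.TempDir()`, a directory shared with every other local process and often swept by temp-file cleaners, so session state sits beside unrelated files and can be removed while sessions are still valid. A dedicated directory that only the gateway account can access is the safer home: take the path from configuration, create it with `os.MkdirAll(dir, 0700)` and fail startup on error, rather than reusing a predictable location under the temp directory. The `else` branch also accepts any value other than `"file"`, so a typo in `server.sessionStore` silently selects cookie storage; rejecting unknown values with `log.Fatalf("unknown session store %q", c.SessionStore)` would match the host-count check at the top of the hunk. NewApi begins outside the hunk.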
diff --git a/cmd/rdpgw/config/configuration.go b/cmd/rdpgw/config/configuration.go
index f47733e7634de39c7cc2857314820506421de598..cb851e3c2680da9df67f24a06199f0f8365446c0 100644
--- a/cmd/rdpgw/config/configuration.go
+++ b/cmd/rdpgw/config/configuration.go
@@ -23,6 +23,7 @@ type ServerConfig struct {
 	RoundRobin           bool
 	SessionKey           string
 	SessionEncryptionKey string
+	SessionStore         string
 	SendBuf				 int
 	ReceiveBuf			 int
 }
@@ -72,6 +73,8 @@ func init() {
 	viper.SetDefault("client.bandwidthAutoDetect", 1)
 	viper.SetDefault("security.verifyClientIp", true)
 	viper.SetDefault("server.tlsDisabled",  false)
+	viper.SetDefault("server.sessionStore", "cookie")
+	viper.SetDefault("caps.tokenAuth", true)
 }
 
 func Load(configFile string) Configuration {
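Review bot: The added `caps.tokenAuth` default on the line after `server.sessionStore` is unrelated to session storage, and none of the other hunks on this page reference it. It presumably changes the effective value from false to true for any deployment that leaves the key unset. Because the key name suggests it governs an authentication capability, the change deserves its own commit or at least a line in the commit description, plus a comment such as `// token auth is on unless explicitly disabled`. init's body starts outside the hunk.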
diff --git a/cmd/rdpgw/main.go b/cmd/rdpgw/main.go
index 1736a8f641b741a9e2cf267ce7c2d94f8a1811b5..9f8510bc9ed8558d0fe9d0a1f79469a20bc0833b 100644
--- a/cmd/rdpgw/main.go
+++ b/cmd/rdpgw/main.go
@@ -71,6 +71,7 @@ func main() {
 		EnableUserToken:      conf.Security.EnableUserToken,
 		SessionKey:           []byte(conf.Server.SessionKey),
 		SessionEncryptionKey: []byte(conf.Server.SessionEncryptionKey),
+		SessionStore: 		  conf.Server.SessionStore,
 		Hosts:                conf.Server.Hosts,
 		NetworkAutoDetect:    conf.Client.NetworkAutoDetect,
 		UsernameTemplate:     conf.Client.UsernameTemplate,