diff --git a/deluge/ui/web/js/Deluge.Login.js b/deluge/ui/web/js/Deluge.Login.js
index 69693d2ba..9fec0e58a 100644
--- a/deluge/ui/web/js/Deluge.Login.js
+++ b/deluge/ui/web/js/Deluge.Login.js
@@ -23,6 +23,9 @@ Copyright:
 
 (function(){
 	Ext.deluge.LoginWindow = Ext.extend(Ext.Window, {
+		
+		firstShow: true,
+		
 		constructor: function(config) {
 			config = Ext.apply({
 				layout: 'fit',
@@ -45,6 +48,7 @@ Copyright:
 			Ext.deluge.LoginWindow.superclass.initComponent.call(this);
 			Deluge.Events.on('logout', this.onLogout, this);
 			this.on('show', this.onShow, this);
+			this.on('beforeshow', this.onBeforeShow, this);
 			
 			this.addButton({
 				text: _('Login'),
@@ -82,10 +86,11 @@ Copyright:
 			var passwordField = this.loginForm.items.get('password');
 			Deluge.Client.web.login(passwordField.getValue(), {
 				success: function(result) {
-					if (result == true) {
+					if (result) {
 						Deluge.Events.fire('login');
 						this.hide();
 						passwordField.setRawValue('');
+						Deluge.UI.cookies.set("session", result);
 					} else {
 						Ext.MessageBox.show({
 							title: _('Login Failed'),
@@ -105,7 +110,40 @@ Copyright:
 		},
 		
 		onLogout: function() {
-			this.show();
+			var session = Deluge.UI.cookies.get("session", false);
+			if (session) {
+				Deluge.Client.web.delete_session(session, {
+					success: function(result) {
+						Deluge.UI.cookies.set("session", false);
+						this.show();
+					},
+					scope: this
+				});
+			}
+		},
+		
+		onBeforeShow: function() {
+			var session = Deluge.UI.cookies.get("session", false);
+			if (session) {
+				Deluge.Client.web.check_session(session, {
+					success: function(result) {
+						if (result) {
+							Deluge.Events.fire('login');
+							this.loginForm.items.get('password').setRawValue('');
+							this.hide();
+						} else {
+							Deluge.UI.cookies.set("session", false);
+							this.show();
+						}
+					},
+					failure: function(result) {
+						Deluge.UI.cookies.set("session", false);
+						this.show();
+					},
+					scope: this
+				});
+				return false;
+			}
 		},
 		
 		onShow: function() {
diff --git a/deluge/ui/web/js/Deluge.UI.js b/deluge/ui/web/js/Deluge.UI.js
index 7bc96f460..ae9e85849 100644
--- a/deluge/ui/web/js/Deluge.UI.js
+++ b/deluge/ui/web/js/Deluge.UI.js
@@ -49,11 +49,14 @@ Deluge.UI = {
 			items: [this.MainPanel]
 		});
 		
-		Deluge.Login.show();
-		
 		Deluge.Events.on("connect", this.onConnect, this);
 		Deluge.Events.on("disconnect", this.onDisconnect, this);
-		Deluge.Client = new Ext.ux.util.RpcClient({url: '/json'});
+		Deluge.Client = new Ext.ux.util.RpcClient({
+			url: '/json'
+		});
+		Deluge.Client.on('connected', function(e) {
+			Deluge.Login.show();
+		});
 		this.update = this.update.bind(this);
 	},
 	
diff --git a/deluge/ui/web/json_api.py b/deluge/ui/web/json_api.py
index de0f70180..6475e8773 100644
--- a/deluge/ui/web/json_api.py
+++ b/deluge/ui/web/json_api.py
@@ -25,6 +25,7 @@
 import os
 import time
 import base64
+import random
 import urllib
 import hashlib
 import logging
@@ -427,6 +428,35 @@ class WebApi(JSONComponent):
         d.callback(True)
         return d
     
+    def _create_session(self, login='admin'):
+        m = hashlib.md5()
+        m.update(login)
+        m.update(str(time.time()))
+        m.update(str(random.getrandbits(999)))
+        m.update(m.hexdigest())
+        session_id = m.hexdigest()
+        
+        config = component.get("DelugeWeb").config
+        config["sessions"][session_id] = {
+            "login": login
+        }
+        return session_id
+    
+    @export
+    def check_session(self, session_id):
+        d = Deferred()
+        config = component.get("DelugeWeb").config
+        d.callback(session_id in config["sessions"])
+        return d
+    
+    @export
+    def delete_session(self, session_id):
+        d = Deferred()
+        config = component.get("DelugeWeb").config
+        del config["sessions"][session_id]
+        d.callback(True)
+        return d
+    
     @export
     def login(self, password):
         """Method to allow the webui to authenticate
@@ -436,7 +466,11 @@ class WebApi(JSONComponent):
         m.update(config['pwd_salt'])
         m.update(password)
         d = Deferred()
-        d.callback(m.hexdigest() == config['pwd_md5'])
+        if m.hexdigest() == config['pwd_md5']:
+            # Change this to return a session id
+            d.callback(self._create_session())
+        else:
+            d.callback(False)
         return d
     
     @export
diff --git a/deluge/ui/web/server.py b/deluge/ui/web/server.py
index 14e3d6f9f..7df46c3d0 100644
--- a/deluge/ui/web/server.py
+++ b/deluge/ui/web/server.py
@@ -26,6 +26,7 @@ import os
 import time
 import locale
 import shutil
+import signal
 import urllib
 import gettext
 import hashlib
@@ -71,7 +72,7 @@ CONFIG_DEFAULTS = {
     "pwd_salt": "16f65d5c79b7e93278a28b60fed2431e",
     "pwd_md5": "2c9baa929ca38fb5c9eb5b054474d1ce",
     "base": "",
-    "sessions": [],
+    "sessions": {},
     "sidebar_show_zero": False,
     "sidebar_show_trackers": False,
     "show_keyword_search": False,