diff --git a/routes/cms-auth.js b/routes/cms-auth.js index cce6fe2..183dc95 100644 --- a/routes/cms-auth.js +++ b/routes/cms-auth.js @@ -32,26 +32,18 @@ module.exports = function (config, app) { */ login: function (req, res, next) { var query = {}; - - //TODO: Need to make this externalized. if (req.body.username) { query.username = req.body.username; } if (req.body.email) { query.username = req.body.email; } - - //TODO: Hashing on client side query.password = hashPassword( req.body.password, query.username ); - - console.warn( 'Login Query: ' + JSON.stringify( query ) + ''.verbose ); - User.findOne( {username: query.username}, function (err, data) { if (err) { res.jsonp( 400, err ); } - if (data) { - console.warn('found user', util.inspect(data, {colors: true})); + if (data && bcrypt.compareSync(req.body.password, data.password)) { res.jsonp( 200, data ); } else { res.jsonp( 404, {message: 'Wrong username/password!'} ); @@ -75,10 +67,7 @@ module.exports = function (config, app) { if (req.body.email) { data.username = req.body.email; } - - //TODO: Hashing on client side data.password = hashPassword( req.body.password, data.username ); - data.created_at = new Date(); data.updated_at = new Date(); data.active = false; @@ -89,12 +78,16 @@ module.exports = function (config, app) { //Try and find user User.find( {username: data.username}, function (err, u) { console.log(err, util.inspect(u, {colors: true})); + if(err){ res.json( 400, {message: 'Problem registering!'} ); } + if (u.length > 0) { res.json( 400, {message: 'Username already exists!'} ); - } else { + } + + if(!err){ user.save( function (er, ok) { if (er) { res.json( 400, {message: 'Problem registering!'} ); 
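Review bot: On a successful login, `res.jsonp( 200, data )` sends the whole user record to the client, including `data.password`, the stored hash that the new `bcrypt.compareSync` line reads. Return only the fields the client needs, for example `res.jsonp( 200, {username: data.username} );`. The `if (err)` branch above it has no `return`, so after a lookup error the handler falls through and attempts a second response; `return res.jsonp( 400, {message: 'Login failed'} );` would stop there and also avoid echoing the raw database error. `req.body.username`, `req.body.email` and `req.body.password` come from a JSON body and reach the query and `compareSync` without a type check, so anything whose `typeof` is not `'string'` should be rejected before the lookup. The login function continues past the end of the hunk.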
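Review bot: Replacing `} else {` with a separate `if(!err){` means the `u.length > 0` branch no longer stops registration. When the username already exists and there is no error, the handler sends 'Username already exists!' and then still runs `user.save`, so a duplicate account can be written and a second response is attempted. Returning from each failure branch restores the guard, e.g. `if (err) { return res.json( 400, {message: 'Problem registering!'} ); }` and `if (u.length > 0) { return res.json( 400, {message: 'Username already exists!'} ); }`, after which `user.save` can run unconditionally. Without the early return on `err`, `u.length` is also read after a failed lookup, when `u` may be undefined. The `console.log` at the top of the callback writes the matched user records, presumably including password hashes, to the log and is worth dropping; the callback continues outside the hunk.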
@@ -110,6 +103,11 @@ module.exports = function (config, app) { }; //Always users table + app.use( session( { + secret: 'angular-cms', + resave: true, + saveUninitialized: true + } ) ); app.post( config.apiBase + '/users/login', bodyParser.json(), cmsAuth.login ); app.post( config.apiBase + '/users/register', bodyParser.json(), cmsAuth.register ); app.post( config.apiBase + '/users/session', bodyParser.json(), cmsAuth.session );
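Review bot: The session secret is the literal `'angular-cms'` committed in the route file, so anyone who can read the repository can sign session cookies the server will accept. Load it from configuration or the environment instead, e.g. `secret: config.sessionSecret` (the key name is a placeholder and would have to be added to `config`). `resave: true` with `saveUninitialized: true` also creates and rewrites a session for every visitor, including unauthenticated ones; `resave: false` and `saveUninitialized: false` are the usual settings unless the store requires otherwise. No `cookie` options or `store` are passed, so, assuming `session` is express-session, the defaults apply: an in-memory store and a cookie without `secure` or `sameSite`. A one-line comment above the call saying where the secret comes from would help the next reader.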