diff --git a/src/api/app_routes.rs b/src/api/app_routes.rs
index 38d30b3..7f422b9 100644
--- a/src/api/app_routes.rs
+++ b/src/api/app_routes.rs
@@ -1,7 +1,3 @@
-use actix_web::web;
-use utoipa::OpenApi;
-use utoipa_redoc::{Redoc, Servable};
-use crate::api::app_docs::ApiDoc;
 use crate::api::handler::email::captcha::{api_email_captcha_check, api_email_rand_captcha};
 use crate::api::handler::groups::avatar::{api_groups_avatar, api_groups_avatar_upload};
 use crate::api::handler::groups::create::api_groups_create;
@@ -29,10 +25,10 @@ use crate::api::handler::users::repos::api_users_repos;
 use crate::api::handler::users::reset::{api_user_reset_passwd_forget, api_user_reset_passwd_profile};
 use crate::api::handler::users::search::api_users_search;
 use crate::api::handler::users::starred::api_users_starred;
+use actix_web::web;
 
 pub fn routes(cfg: &mut web::ServiceConfig){
     cfg
-        .service(Redoc::with_url("/scalar", ApiDoc::openapi()))
         .service(
             web::scope("/user")
                 .service(
diff --git a/src/api/init.rs b/src/api/init.rs
index 7851668..3929816 100644
--- a/src/api/init.rs
+++ b/src/api/init.rs
@@ -1,6 +1,14 @@
+use actix_session::config::{CookieContentSecurity, PersistentSession, TtlExtensionPolicy};
+use actix_session::SessionMiddleware;
+use actix_session::storage::RedisSessionStore;
 use actix_web::{web, App, HttpServer};
+use actix_web::cookie::Key;
 use actix_web::web::scope;
+use time::Duration;
 use tracing::info;
+use utoipa::OpenApi;
+use utoipa_redoc::{Redoc, Servable};
+use crate::api::app_docs::ApiDoc;
 use crate::api::app_error::Error;
 use crate::api::app_routes;
 use crate::api::handler::version::api_version;
@@ -19,16 +27,38 @@ pub async fn init_api() -> Result<(), Error>{
     let cfg = CFG.get().unwrap().clone();
     info!("API server will start : {:?}", cfg.http.format());
     Init().await;
-    HttpServer::new(|| {
+    let session = RedisSessionStore::builder_pooled(META.get().unwrap().redis()).build().await.unwrap();
+    info!("Redis session store initialized.");
+    HttpServer::new(move || {
         let meta = META.get().unwrap().clone();
         App::new()
+            .wrap(
+                SessionMiddleware::builder(
+                    session.clone(),
+                    Key::from(&[0; 64])
+                )
+                    .cookie_name("SessionID".to_string())
+                    .cookie_path("/".to_string())
+                    .cookie_http_only(false)
+                    .cookie_content_security(
+                        CookieContentSecurity::Private
+                    )
+                    .session_lifecycle(
+                        PersistentSession::default()
+                            .session_ttl(Duration::days(30))
+                            .session_ttl_extension_policy(TtlExtensionPolicy::OnStateChanges)
+                    )
+                    .cookie_secure(false)
+                    .build()
+            )
             .app_data(web::Data::new(meta))
             .wrap(ActixServer)
             .service(
                 scope("/api")
+                    .service(Redoc::with_url("/scalar", ApiDoc::openapi()))
                     .route("/version", web::get().to(api_version))
                     .service(
-                        web::scope("/v1")
+                        scope("/v1")
                             .configure(app_routes::routes)
                     )
             )