diff --git a/src/lib/server/session.ts b/src/lib/server/session.ts
index d999953..8a71e82 100644
--- a/src/lib/server/session.ts
+++ b/src/lib/server/session.ts
@@ -1,21 +1,23 @@
 import type { Permissions } from '$lib/permissions';
 import type { Cookies } from '@sveltejs/kit';
+import * as crypto from 'crypto';
+import type { Admin } from '$lib/server/database';
 
-const sessions: Map = new Map();
+const sessions: Map = new Map();
 
-export function addSession(permissions: Permissions): string {
- const session = 'AAA';
- sessions.set(session, permissions);
+export function addSession(user: { id: number; permissions: Permissions } | Admin): string {
+ const session = crypto.randomBytes(16).toString('hex');
+ sessions.set(session, { userId: user.id, permissions: user.permissions });
 return session;
 }
 
 export function getSession(session: string | Cookies, permissions?: number[]): Permissions | null {
 let sess: Permissions | null;
 if (typeof session == 'string') {
- sess = sessions.get(session) || null;
+ sess = sessions.get(session)?.permissions || null;
 } else {
 const sessionId = session.get('session');
- sess = sessionId ? sessions.get(sessionId) || null : null;
+ sess = sessionId ? sessions.get(sessionId)?.permissions || null : null;
 }
 
 if (!sess) {
@@ -28,3 +30,19 @@ export function getSession(session: string | Cookies, permissions?: number[]): P
 }
 return sess;
 }
+
+export function deleteSession(session: string | Cookies) {
+ if (typeof session == 'string') {
+ sessions.delete(session);
+ } else {
+ sessions.delete(session.get('session') || '');
+ }
+}
+
+export function deleteAllUserSessions(userId: number) {
+ for (const [id, details] of sessions.entries()) {
+ if (details.userId == userId) {
+ sessions.delete(id);
+ }
+ }
+}
diff --git a/src/routes/admin/admin/+server.ts b/src/routes/admin/admin/+server.ts
index 78ecd39..aea02f7 100644
--- a/src/routes/admin/admin/+server.ts
+++ b/src/routes/admin/admin/+server.ts
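Review bot: Entries in `sessions` never expire server-side: `addSession` stores only `userId` and `permissions`, so a session id stays valid until the process restarts, while the 90-day `maxAge` the routes put on the cookie is enforced only by the browser and a copied id outlives it. Record an expiry with the entry and have `getSession` drop entries past it, as below; the map's value type (its type arguments are not shown on this page) needs the added `expires` field. The id from `crypto.randomBytes(16).toString('hex')` is a sound replacement for the fixed `'AAA'`. `getSession`'s body continues past the end of the hunk.
```typescript
// Server-side lifetime; keep in step with the cookie maxAge set in the admin routes.
const SESSION_TTL_MS = 60 * 60 * 24 * 90 * 1000;

export function addSession(user: { id: number; permissions: Permissions } | Admin): string {
	const session = crypto.randomBytes(16).toString('hex');
	sessions.set(session, {
		userId: user.id,
		permissions: user.permissions,
		expires: Date.now() + SESSION_TTL_MS
	});
	return session;
}

// Returns the entry for an id, removing and hiding it once it has expired.
function liveSession(sessionId: string) {
	const entry = sessions.get(sessionId);
	if (entry && entry.expires <= Date.now()) {
		sessions.delete(sessionId);
		return undefined;
	}
	return entry;
}

export function getSession(session: string | Cookies, permissions?: number[]): Permissions | null {
	let sess: Permissions | null;
	if (typeof session == 'string') {
		sess = liveSession(session)?.permissions || null;
	} else {
		const sessionId = session.get('session');
		sess = sessionId ? liveSession(sessionId)?.permissions || null : null;
	}
	// … unchanged: permissions check and return (continues outside the hunk) …
```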
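Review bot: `details.userId == userId` in `deleteAllUserSessions` is a loose comparison, and the only caller in this diff passes an `id` taken from the request body behind an `as number | null` cast, so a string such as `"5"` would also match; write it as `if (details.userId === userId) {` and leave the shape check to the handler. Deleting from a `Map` while iterating `entries()` is well defined, so the loop itself is fine. `deleteSession`'s `session.get('session') || ''` quietly deletes nothing when the cookie is absent, which is acceptable but deserves a comment such as `// no cookie: nothing to revoke`.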
@@ -1,7 +1,8 @@
 import type { RequestHandler } from '@sveltejs/kit';
 import { Permissions } from '$lib/permissions';
-import { getSession } from '$lib/server/session';
+import { addSession, deleteAllUserSessions, deleteSession, getSession } from '$lib/server/session';
 import { Admin } from '$lib/server/database';
+import { env as publicEnv } from '$env/dynamic/public';
 
 export const POST = (async ({ request, cookies }) => {
 if (getSession(cookies, [Permissions.AdminWrite]) == null) {
@@ -53,7 +54,21 @@ export const PATCH = (async ({ request, cookies }) => {
 if (data['password']) updatePayload.password = data['password'];
 if (data['permissions']) updatePayload.permissions = data['permissions'];
 
- await Admin.update(updatePayload, { where: { id: id } });
+ let user = await Admin.findOne({ where: { id: id } });
+ if (!user) {
+ return new Response(null, {
+ status: 400
+ });
+ }
+ user = await user.update(updatePayload);
+
+ deleteSession(cookies);
+ cookies.set('session', addSession(user), {
+ path: `${publicEnv.PUBLIC_BASE_PATH}/admin`,
+ maxAge: 60 * 60 * 24 * 90,
+ httpOnly: true,
+ secure: true
+ });
 
 return new Response();
 }) satisfies RequestHandler;
@@ -66,7 +81,7 @@ export const DELETE = (async ({ request, cookies }) => {
 }
 
 const data = await request.json();
- const id = data['id'] as string | null;
+ const id = data['id'] as number | null;
 
 if (id == null) {
 return new Response(null, {
@@ -75,6 +90,7 @@ export const DELETE = (async ({ request, cookies }) => {
 }
 
 await Admin.destroy({ where: { id: id } });
+ deleteAllUserSessions(id);
 
 return new Response();
 }) satisfies RequestHandler;
diff --git a/src/routes/admin/login/+server.ts b/src/routes/admin/login/+server.ts
index 0254eff..a0f88e6 100644
--- a/src/routes/admin/login/+server.ts
+++ b/src/routes/admin/login/+server.ts
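Review bot: The session swap after `user = await user.update(updatePayload)` in PATCH is unconditional: `deleteSession(cookies)` removes the caller's own session and `cookies.set('session', addSession(user), …)` issues one for the edited record, so an admin who edits another admin's row is logged out of their own identity and continues under the edited user's id and permissions. What the change appears to intend, making the new permissions take effect, is better done by revoking the edited user's sessions with `deleteAllUserSessions(id);` in place of the delete/set pair, which leaves the caller's session untouched. Refreshing the caller's cookie only when `id` is their own would need the session's `userId` exposed by `getSession`, which this diff does not add. PATCH's opening lines, including its permission check, are outside the hunk.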
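Review bot: `data['id'] as number | null` in DELETE only asserts a type; `request.json()` returns whatever the client sent, so at runtime `id` may be a string or an object and still reach `Admin.destroy({ where: { id: id } })` and `deleteAllUserSessions(id)` in the following hunk. Narrow at runtime instead, `const id = typeof data['id'] === 'number' ? data['id'] : null;`, so the existing `id == null` guard rejects everything else. The same cast pattern presumably exists in PATCH above this hunk and would benefit from the same treatment. DELETE's handler opens before the hunk.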
@@ -22,18 +22,22 @@ export const POST = (async ({ request, cookies }) => { username == env.ADMIN_USER && password == env.ADMIN_PASSWORD ) { - cookies.set('session', addSession(new Permissions(Permissions.allPermissions())), { - path: `${publicEnv.PUBLIC_BASE_PATH}/admin`, - maxAge: 60 * 60 * 24 * 90, - httpOnly: true, - secure: true - }); + cookies.set( + 'session', + addSession({ id: -1, permissions: new Permissions(Permissions.allPermissions()) }), + { + path: `${publicEnv.PUBLIC_BASE_PATH}/admin`, + maxAge: 60 * 60 * 24 * 90, + httpOnly: true, + secure: true + } + ); return new Response(); } const user = await Admin.findOne({ where: { username: username } }); if (user && user.validatePassword(password)) { - cookies.set('session', addSession(user.permissions), { + cookies.set('session', addSession(user), { path: `${publicEnv.PUBLIC_BASE_PATH}/admin`, maxAge: 60 * 60 * 24 * 90, httpOnly: true,
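Review bot: `id: -1` in the env-admin branch is a bare sentinel; it is stored as the session's `userId` and so is reachable through `deleteAllUserSessions`, which the DELETE handler in this diff calls with a client-supplied id, so a request carrying `id: -1` would revoke every env-admin session although no database row is involved. Give it a name in session.ts, e.g. `export const ENV_ADMIN_USER_ID = -1;`, use it here, and have the DELETE handler reject that value; whether database ids can ever be negative is not visible from this diff. The `POST` handler begins before the hunk and continues after it.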