diff --git a/cps/cw_login/utils.py b/cps/cw_login/utils.py
index abc6c303..b455e150 100644
--- a/cps/cw_login/utils.py
+++ b/cps/cw_login/utils.py
@@ -185,7 +185,7 @@ def login_user(user, remember=False, duration=None, force=False, fresh=True):
 session["_user_id"] = user_id
 session["_fresh"] = fresh
 session["_id"] = current_app.login_manager._session_identifier_generator()
- session["_random"] = os.urandom(10).decode('utf-8')
+ session["_random"] = os.urandom(10).hex()
 if remember:
 session["_remember"] = "set"
diff --git a/cps/ub.py b/cps/ub.py
index 20e567f7..6048c462 100644
--- a/cps/ub.py
+++ b/cps/ub.py
@@ -71,8 +71,6 @@ def signal_store_user_session(object, user):
 def store_user_session():
- #if flask_session.get('user_id', ""):
- # flask_session['_user_id'] = flask_session.get('user_id', "")
 _user = flask_session.get('_user_id', "")
 _id = flask_session.get('_id', "")
 _random = flask_session.get('_random', "")
@@ -107,11 +105,19 @@ def delete_user_session(user_id, session_key):
 def check_user_session(user_id, session_key):
 try:
- return bool(session.query(User_Sessions).filter(User_Sessions.user_id==user_id, User_Sessions.session_key==session_key).one_or_none())
+ found = session.query(User_Sessions).filter(User_Sessions.user_id==user_id, User_Sessions.session_key==session_key).one_or_none()
+ if found is not None:
+ new_expiry = int((datetime.datetime.now() + datetime.timedelta(days=31)).timestamp())
+ if new_expiry - found.expiry > 86400:
+ found.expiry = new_expiry
+ session.merge(found)
+ session.commit()
+ return bool(found)
 except (exc.OperationalError, exc.InvalidRequestError) as e:
 session.rollback()
 log.exception(e)
+ return False
 user_logged_in.connect(signal_store_user_session)
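Review bot: `os.urandom(10).hex()` gives the per-session `_random` value 80 bits of entropy; since that value is later matched against the stored session row (the load_user and check_user_session hunks in this diff) it acts as a bearer secret, and `session["_random"] = secrets.token_hex(16)` (with `import secrets` at the top of the file) would give 128 bits and make the intent visible in the name. The `.hex()` change itself is right: `.decode('utf-8')` on random bytes fails for most values. login_user's body begins and continues outside the hunk.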
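Review bot: `new_expiry - found.expiry` on the new side raises TypeError when `expiry` is NULL or a string, and TypeError is not in the `except` tuple below, so the request fails instead of check_user_session returning False; rows written before this commit can hold such values, because the model column was `String` with default "" (see the User_Sessions hunk) and databases that already ran the migration are not converted here. A guard such as `if not isinstance(found.expiry, int) or new_expiry - found.expiry > 86400:` keeps the sliding refresh and repairs old rows on first use. Separately, nothing in this hunk rejects a row whose `expiry` is already in the past; if expiry is meant to bound session lifetime, that check presumably lives elsewhere — confirm, or add `if found.expiry is not None and found.expiry < int(datetime.datetime.now().timestamp()): return False` before the refresh.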
@@ -341,7 +347,7 @@ class User_Sessions(Base):
 user_id = Column(Integer, ForeignKey('user.id'))
 session_key = Column(String, default="")
 random = Column(String, default="")
- expiry = Column(String, default="")
+ expiry = Column(Integer)
 def __init__(self, user_id, session_key, random, expiry):
@@ -576,7 +582,7 @@ def migrate_user_session_table(engine, _session):
 with engine.connect() as conn:
 trans = conn.begin()
 conn.execute(text("ALTER TABLE user_session ADD column 'random' String"))
- conn.execute(text("ALTER TABLE user_session ADD column 'expiry' String"))
+ conn.execute(text("ALTER TABLE user_session ADD column 'expiry' Integer"))
 trans.commit()
diff --git a/cps/usermanagement.py b/cps/usermanagement.py
index e9cf0475..5295fe41 100644
--- a/cps/usermanagement.py
+++ b/cps/usermanagement.py
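Review bot: Changing `expiry` from `Column(String, default="")` to `Column(Integer)` only affects schemas created after this commit — the `migrate_user_session_table` hunk below now adds the column as Integer, but a database that already ran the earlier migration keeps a String column holding "" or text, and no conversion of existing rows is part of this change. Because `check_user_session` in ub.py now does integer arithmetic on `expiry`, such stale rows can raise at runtime. If the backing store is SQLite, as the quoted-identifier ALTER TABLE suggests, the declared type is not enforced and the model change alone does not coerce stored strings; a conversion step in `migrate_user_session_table`, or at least a comment on the column, `# may be NULL or non-integer for rows created before the Integer migration`, would make the contract explicit. The User_Sessions class and migrate_user_session_table both continue outside their hunks.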
@@ -30,49 +30,7 @@ from . import lm, ub, config, logger, limiter, constants, services log = logger.create() - - -'''class HTTPProxyAuth(HTTPAuth): - def __init__(self, scheme='Proxy', realm=None, header=None): - super(HTTPProxyAuth, self).__init__(scheme, realm, header) - self.user = None - self.verify_user_callback = None - - def set_user(self, username): - self.user = username if username else None - - def verify_login(self, f): - self.verify_user_callback = f - return f - - def login_required(self, f=None, role=None, optional=None): - if f is not None and \ - (role is not None or optional is not None): # pragma: no cover - raise ValueError( - 'role and optional are the only supported arguments') - - def login_required_internal(f): - @wraps(f) - def decorated(*args, **kwargs): - if self.user: - g.flask_httpauth_user = self.user - return self.ensure_sync(f)(*args, **kwargs) - return decorated - - if f: - return login_required_internal(f) - return login_required_internal - - - - def authenticate(self, _auth, stored_password=None): - req = getattr(_auth, 'req', '') - if self.verify_user_callback: - return self.ensure_sync(self.verify_user_callback)(req)''' - - auth = HTTPBasicAuth() -# proxy_auth = HTTPProxyAuth() @auth.verify_password @@ -169,11 +127,13 @@ def load_user_from_reverse_proxy_header(req): @lm.user_loader def load_user(user_id, random, session_key): + # log.info(f"user {user_id}, random {random}") + # log.info(request) user = ub.session.query(ub.User).filter(ub.User.id == int(user_id)).first() - entry = ub.session.query(ub.User_Sessions).filter(ub.User_Sessions.random == random, - ub.User_Sessions.session_key == session_key).first() - if entry and entry.id == user.id: - return user - else: - return None + if random and session_key: + entry = ub.session.query(ub.User_Sessions).filter(ub.User_Sessions.random == random, + ub.User_Sessions.session_key == session_key).first() + if not entry or entry.user_id != user.id: + return None + return user 
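Review bot: `user.id` on the new side of the load_user hunk is dereferenced without checking that the query found a user, so an `_user_id` for a deleted or non-existent account raises AttributeError inside the loader instead of returning None; add `if user is None: return None` right after the query (the removed code had the same gap). When `random` or `session_key` is empty the loader now returns `user` with no session-row check at all, so `user_id` alone is trusted on that path — if the loader can be reached with values taken from the client's session cookie, confirm that the login manager never passes an empty `random` there, and add a comment naming the callers that legitimately use the bare-`user_id` fallback. The two commented-out `log.info(...)` lines should be dropped rather than kept as a reminder: `random` is the per-session secret and would land in the log file if they were ever re-enabled.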
diff --git a/cps/web.py b/cps/web.py
index feea0cc6..7da22e3a 100644
--- a/cps/web.py
+++ b/cps/web.py
@@ -1340,7 +1340,6 @@ def register():
 def handle_login_user(user, remember, message, category):
 login_user(user, remember=remember)
- ub.store_user_session()
 flash(message, category=category)
 [limiter.limiter.storage.clear(k.key) for k in limiter.current_limits]
 return redirect(get_redirect_location(request.form.get('next', None), "web.index"))
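Review bot: Dropping the explicit `ub.store_user_session()` makes handle_login_user depend on the `user_logged_in.connect(signal_store_user_session)` hookup visible in the ub.py hunk firing from inside `login_user`; `store_user_session` reads `_user_id`, `_id` and `_random` from the Flask session, so the signal has to be sent after login_user writes those keys (the utils.py hunk shows the writes, the send site is outside the diff) — confirm the order, otherwise the stored row carries empty `_random`/`_id` and later `check_user_session`/`load_user` lookups fail. A one-line comment at the call site, `# session row is persisted by ub.signal_store_user_session via the user_logged_in signal`, would keep the next reader from re-adding the call.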