diff --git a/src/main/java/de/thm/arsnova/controller/AudienceQuestionController.java b/src/main/java/de/thm/arsnova/controller/AudienceQuestionController.java
index d390d7a5f05a172e78c944e1b9c63acc792f5537..5b606d54e098552f0e566e5bedc5de74d62c6aaa 100644
--- a/src/main/java/de/thm/arsnova/controller/AudienceQuestionController.java
+++ b/src/main/java/de/thm/arsnova/controller/AudienceQuestionController.java
@@ -117,4 +117,5 @@ public class AudienceQuestionController extends AbstractController {
 	) {
 		questionService.deleteInterposedQuestion(questionId);
 	}
+
 }
diff --git a/src/main/java/de/thm/arsnova/controller/LegacyController.java b/src/main/java/de/thm/arsnova/controller/LegacyController.java
index 8f2c5b7a0774467e35830a32f96d2f870e9faeee..83c049daddd8b5df8e8e246a291148a0c066fcab 100644
--- a/src/main/java/de/thm/arsnova/controller/LegacyController.java
+++ b/src/main/java/de/thm/arsnova/controller/LegacyController.java
@@ -22,16 +22,23 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+import de.thm.arsnova.services.IQuestionService;
 
 @Controller
 public class LegacyController extends AbstractController {
 
 	public static final Logger LOGGER = LoggerFactory.getLogger(LegacyController.class);
 
+	@Autowired
+	private IQuestionService questionService;
+
 	/* specific routes */
 
 	@RequestMapping(value = "/session/mysessions", method = RequestMethod.GET)
@@ -115,6 +122,15 @@ public class LegacyController extends AbstractController {
 		return String.format("forward:/audiencequestion/?sessionkey=%s", sessionKey);
 	}
 
+	@RequestMapping(value = "/session/{sessionKey}/interposed", method = RequestMethod.DELETE)
+	@ResponseBody
+	public final void deleteAllInterposedQuestions(
+			@PathVariable final String sessionKey,
+			final HttpServletResponse response
+	) {
+		questionService.deleteAllInterposedQuestions(sessionKey);
+	}
+
 	@RequestMapping(value = "/session/{sessionKey}/interposedcount", method = RequestMethod.GET)
 	public final String redirectQuestionByAudienceCount(
 			@PathVariable final String sessionKey,
diff --git a/src/main/java/de/thm/arsnova/controller/SessionController.java b/src/main/java/de/thm/arsnova/controller/SessionController.java
index ecdb8b5f77a42980993451b6b5c001153d521bbb..525bd65ddea5469aed9cca1da4301d66c3749d3a 100644
--- a/src/main/java/de/thm/arsnova/controller/SessionController.java
+++ b/src/main/java/de/thm/arsnova/controller/SessionController.java
@@ -127,6 +127,15 @@ public class SessionController extends AbstractController {
 		return newSession;
 	}
 
+	@RequestMapping(value = "/{sessionkey}", method = RequestMethod.PUT)
+	@ResponseBody
+	public final Session updateSession(
+			@PathVariable final String sessionkey,
+			@RequestBody final Session session
+	) {
+		return sessionService.updateSession(sessionkey, session);
+	}
+
 	@RequestMapping(value = "/", method = RequestMethod.GET)
 	@ResponseBody
 	public final List<Session> getSessions(
diff --git a/src/main/java/de/thm/arsnova/dao/CouchDBDao.java b/src/main/java/de/thm/arsnova/dao/CouchDBDao.java
index 252716b7147bf9b47186338d04706896dd4a1027..4860ceec3b5bbd9d2e5a51f195344e330d724ccb 100644
--- a/src/main/java/de/thm/arsnova/dao/CouchDBDao.java
+++ b/src/main/java/de/thm/arsnova/dao/CouchDBDao.java
@@ -1068,6 +1068,24 @@ public class CouchDBDao implements IDatabaseDao {
 		return null;
 	}
 
+	@Override
+	public Session updateSession(Session session) {
+		try {
+			Document s = this.database.getDocument(session.get_id());
+			s.put("name", session.getName());
+			s.put("shortName", session.getShortName());
+			s.put("active", session.isActive());
+			this.database.saveDocument(s);
+			session.set_rev(s.getRev());
+
+			return session;
+		} catch (IOException e) {
+			LOGGER.error("Could not lock session {}", session);
+		}
+
+		return null;
+	}
+
 	@Override
 	public void deleteSession(Session session) {
 		try {
@@ -1284,4 +1302,20 @@ public class CouchDBDao implements IDatabaseDao {
 		}
 		return ids;
 	}
+	
+	public void deleteAllInterposedQuestions(Session session) {
+		NovaView view = new NovaView("interposed_question/by_session");
+		view.setKey(session.get_id());
+		ViewResults questions = this.getDatabase().view(view);
+		if (questions == null || questions.isEmpty()) {
+			return;
+		}
+		for (Document document : questions.getResults()) {
+			try {
+				this.deleteDocument(document.getId());
+			} catch (IOException e) {
+				LOGGER.error("Could not delete all interposed questions {}", session);
+			}
+		}
+	}
 }
diff --git a/src/main/java/de/thm/arsnova/dao/IDatabaseDao.java b/src/main/java/de/thm/arsnova/dao/IDatabaseDao.java
index 56490bb40f9fb133a75ba90f557ea8a805b6103f..46e2e1a53ce5b4567f4fa0e7be18461c9f7981da 100644
--- a/src/main/java/de/thm/arsnova/dao/IDatabaseDao.java
+++ b/src/main/java/de/thm/arsnova/dao/IDatabaseDao.java
@@ -128,6 +128,8 @@ public interface IDatabaseDao {
 
 	List<String> getActiveUsers(int timeDifference);
 
+	Session updateSession(Session session);
+
 	void deleteSession(Session session);
 
 	List<Question> getLectureQuestions(User user, Session session);
@@ -155,4 +157,6 @@ public interface IDatabaseDao {
 	List<String> getUnAnsweredLectureQuestionIds(Session session, User user);
 
 	List<String> getUnAnsweredPreparationQuestionIds(Session session, User user);
+
+	void deleteAllInterposedQuestions(Session session);
 }
diff --git a/src/main/java/de/thm/arsnova/services/IQuestionService.java b/src/main/java/de/thm/arsnova/services/IQuestionService.java
index da43d6a3900020880f05f28bb5c7aa4dbcfab39c..92de9e1f30b40301b89a85d6543c5bd0b0c2e703 100644
--- a/src/main/java/de/thm/arsnova/services/IQuestionService.java
+++ b/src/main/java/de/thm/arsnova/services/IQuestionService.java
@@ -105,4 +105,6 @@ public interface IQuestionService {
 
 	List<String> getUnAnsweredPreparationQuestionIds(String sessionkey);
 
+	void deleteAllInterposedQuestions(String sessionKeyword);
+
 }
diff --git a/src/main/java/de/thm/arsnova/services/ISessionService.java b/src/main/java/de/thm/arsnova/services/ISessionService.java
index 7efe5e0491ac75935814e5b3af7c07b2822590ef..7a54db07f45c19267d88556d2cc7fab0e87df456 100644
--- a/src/main/java/de/thm/arsnova/services/ISessionService.java
+++ b/src/main/java/de/thm/arsnova/services/ISessionService.java
@@ -50,5 +50,7 @@ public interface ISessionService {
 
 	Session joinSession(String keyword, UUID socketId);
 
+	Session updateSession(String sessionkey, Session session);
+
 	void deleteSession(String sessionkey, User user);
 }
diff --git a/src/main/java/de/thm/arsnova/services/QuestionService.java b/src/main/java/de/thm/arsnova/services/QuestionService.java
index 04bf16eb3d1482f7d88f153e51eab25c2055eb7a..485bb1243aae7f6443a8abbfab2cbf3bc6ff31ab 100644
--- a/src/main/java/de/thm/arsnova/services/QuestionService.java
+++ b/src/main/java/de/thm/arsnova/services/QuestionService.java
@@ -35,6 +35,7 @@ import de.thm.arsnova.entities.InterposedReadingCount;
 import de.thm.arsnova.entities.Question;
 import de.thm.arsnova.entities.Session;
 import de.thm.arsnova.entities.User;
+import de.thm.arsnova.exceptions.ForbiddenException;
 import de.thm.arsnova.exceptions.NotFoundException;
 import de.thm.arsnova.exceptions.UnauthorizedException;
 import de.thm.arsnova.socket.ARSnovaSocketIOServer;
@@ -74,6 +75,12 @@ public class QuestionService implements IQuestionService {
 		Session session = this.databaseDao.getSessionFromKeyword(question.getSessionKeyword());
 		question.setSessionId(session.get_id());
 
+		User user = userService.getCurrentUser();
+
+		if (! session.isCreator(user)) {
+			throw new ForbiddenException();
+		}
+
 		if ("freetext".equals(question.getQuestionType())) {
 			question.setPiRound(0);
 		} else if (question.getPiRound() < 1 || question.getPiRound() > 2) {
@@ -134,7 +141,7 @@ public class QuestionService implements IQuestionService {
 
 		User user = userService.getCurrentUser();
 		Session session = databaseDao.getSession(question.getSessionKeyword());
-		if (user == null || session == null || !session.isCreator(user)) {
+		if (user == null || session == null || ! session.isCreator(user)) {
 			throw new UnauthorizedException();
 		}
 		databaseDao.deleteQuestionWithAnswers(question);
@@ -150,7 +157,7 @@ public class QuestionService implements IQuestionService {
 	private Session getSessionWithAuthCheck(String sessionKeyword) {
 		User user = userService.getCurrentUser();
 		Session session = databaseDao.getSession(sessionKeyword);
-		if (user == null || session == null || !session.isCreator(user)) {
+		if (user == null || session == null || ! session.isCreator(user)) {
 			throw new UnauthorizedException();
 		}
 		return session;
@@ -165,11 +172,22 @@ public class QuestionService implements IQuestionService {
 		}
 		User user = userService.getCurrentUser();
 		Session session = databaseDao.getSessionFromKeyword(question.getSessionId());
-		if (user == null || session == null || !session.isCreator(user)) {
+		if (user == null || session == null || ! session.isCreator(user)) {
 			throw new UnauthorizedException();
 		}
 		databaseDao.deleteInterposedQuestion(question);
 	}
+	
+	@Override
+	@Authenticated
+	public void deleteAllInterposedQuestions(String sessionKeyword) {
+		User user = userService.getCurrentUser();
+		Session session = databaseDao.getSessionFromKeyword(sessionKeyword);
+		if (user == null || session == null || ! session.isCreator(user)) {
+			throw new UnauthorizedException();
+		}
+		databaseDao.deleteAllInterposedQuestions(session);
+	}
 
 	@Override
 	@Authenticated
@@ -181,7 +199,7 @@ public class QuestionService implements IQuestionService {
 
 		User user = userService.getCurrentUser();
 		Session session = databaseDao.getSession(question.getSessionKeyword());
-		if (user == null || session == null || !session.isCreator(user)) {
+		if (user == null || session == null || ! session.isCreator(user)) {
 			throw new UnauthorizedException();
 		}
 		databaseDao.deleteAnswers(question);
@@ -382,7 +400,7 @@ public class QuestionService implements IQuestionService {
 			throw new NotFoundException();
 		}
 		User user = userService.getCurrentUser();
-		Session session = this.databaseDao.getSessionFromId(question.getSessionId());
+		Session session = this.databaseDao.getSessionFromKeyword(question.getSessionKeyword());
 		if (user == null || session == null || !session.isCreator(user)) {
 			throw new UnauthorizedException();
 		}
diff --git a/src/main/java/de/thm/arsnova/services/SessionService.java b/src/main/java/de/thm/arsnova/services/SessionService.java
index 88c5fe8212187d9f97c9af603a5df0d24081be11..c96e7066573ef3b543fb236541b84997bb634a98 100644
--- a/src/main/java/de/thm/arsnova/services/SessionService.java
+++ b/src/main/java/de/thm/arsnova/services/SessionService.java
@@ -233,9 +233,26 @@ public class SessionService implements ISessionService {
 	@Override
 	public Session setActive(String sessionkey, Boolean lock) {
 		Session session = databaseDao.getSessionFromKeyword(sessionkey);
+		User user = userService.getCurrentUser();
+		if (!session.isCreator(user)) {
+			throw new ForbiddenException();
+		}
 		return databaseDao.lockSession(session, lock);
 	}
 
+	@Override
+	@Authenticated
+	public Session updateSession(String sessionkey, Session session) {
+		Session s = databaseDao.getSession(sessionkey);
+		User user = userService.getCurrentUser();
+
+		if (!s.isCreator(user)) {
+			throw new ForbiddenException();
+		}
+
+		return databaseDao.updateSession(session);
+	}
+
 	@Override
 	@Authenticated
 	public void deleteSession(String sessionkey, User user) {
diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml
index e89e459cce18e80dd33f993f4ae9cf1527d7503d..6e80f45abbbf0334bd7f1c60a4c95b5fdcdc47a4 100644
--- a/src/main/webapp/WEB-INF/web.xml
+++ b/src/main/webapp/WEB-INF/web.xml
@@ -81,6 +81,8 @@
 	</error-page>
 
 	<session-config>
+		<tracking-mode>COOKIE</tracking-mode>
+
 		<!-- delete sessions after 6 hours -->
 		<session-timeout>360</session-timeout>
 	</session-config>
diff --git a/src/test/java/de/thm/arsnova/dao/StubDatabaseDao.java b/src/test/java/de/thm/arsnova/dao/StubDatabaseDao.java
index 140f36b37ee1e9be01e463ec4c45f5a20ab422b6..a648568b0acaba5a2703d45964785e289c136efd 100644
--- a/src/test/java/de/thm/arsnova/dao/StubDatabaseDao.java
+++ b/src/test/java/de/thm/arsnova/dao/StubDatabaseDao.java
@@ -393,6 +393,12 @@ public class StubDatabaseDao implements IDatabaseDao {
 		return null;
 	}
 
+	@Override
+	public Session updateSession(Session session) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
 	@Override
 	public void deleteSession(Session session) {
 		// TODO Auto-generated method stub
@@ -481,4 +487,8 @@ public class StubDatabaseDao implements IDatabaseDao {
 		// TODO Auto-generated method stub
 		return null;
 	}
+
+	public void deleteAllInterposedQuestions(Session session) {
+		// TODO Auto-generated method stub
+	}
 }