diff --git a/src/main/java/de/thm/arsnova/WebSocketController.java b/src/main/java/de/thm/arsnova/WebSocketController.java
new file mode 100644
index 0000000000000000000000000000000000000000..60e8876c7f6bbaf7e1753e6a8ba7cf4a94618624
--- /dev/null
+++ b/src/main/java/de/thm/arsnova/WebSocketController.java
@@ -0,0 +1,35 @@
+package de.thm.arsnova;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import de.thm.arsnova.services.IUserService;
+import de.thm.arsnova.socket.ARSnovaSocketIOServer;
+
+@Controller
+public class WebSocketController {
+	
+	@Autowired
+	ARSnovaSocketIOServer server;
+	
+	@Autowired
+	IUserService userService;
+
+	public static final Logger logger = LoggerFactory.getLogger(WebSocketController.class);
+
+	@RequestMapping(method = RequestMethod.POST, value = "/authorize")
+	public void authorize(@RequestBody String session, HttpServletResponse response) {
+		boolean result = server.authorize(session, userService.getUser(SecurityContextHolder.getContext().getAuthentication()));
+		response.setStatus(result ? HttpStatus.CREATED.value() : HttpStatus.SERVICE_UNAVAILABLE.value());
+	}
+
+}
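Review bot: `authorize` binds whatever string arrives in the request body to the caller's user, without checking that it is the id of a live socket connection or that the caller owns it, and the result of `userService.getUser(...)` is passed on unchecked. If `getUser` can return null for an unauthenticated request (not visible in this diff), `ConcurrentHashMap.put` throws a NullPointerException and the client sees a 500 instead of a clear rejection; a guard such as `if (user == null) { response.setStatus(HttpStatus.UNAUTHORIZED.value()); return; }` before the call would make that explicit. Because the map is keyed only by the submitted string, a second POST with the same value silently rebinds that socket to a different user, so the server should at least confirm the id belongs to a connected client before storing it. The `server` and `userService` fields would also be better `private`, and the `public static` logger is unused in this file.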
diff --git a/src/main/java/de/thm/arsnova/socket/ARSnovaSocketIOServer.java b/src/main/java/de/thm/arsnova/socket/ARSnovaSocketIOServer.java
index 5e79aa4b604d1dfb55c3a3c097956a4aae44a985..dc16406c25c4eaff58c1fb424f17597c8b892097 100644
--- a/src/main/java/de/thm/arsnova/socket/ARSnovaSocketIOServer.java
+++ b/src/main/java/de/thm/arsnova/socket/ARSnovaSocketIOServer.java
@@ -1,5 +1,8 @@
 package de.thm.arsnova.socket;
 
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -12,6 +15,7 @@ import com.corundumstudio.socketio.listener.ConnectListener;
 import com.corundumstudio.socketio.listener.DataListener;
 import com.corundumstudio.socketio.listener.DisconnectListener;
 
+import de.thm.arsnova.entities.User;
 import de.thm.arsnova.services.ISessionService;
 import de.thm.arsnova.socket.message.Feedback;
 
@@ -22,6 +26,8 @@ public class ARSnovaSocketIOServer {
 	
 	private final Logger logger = LoggerFactory.getLogger(getClass());
 	
+	private final Map<String, User> session2user = new ConcurrentHashMap<String, User>();
+	
 	private int portNumber;
 	private final Configuration config;
 	private SocketIOServer server;
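Review bot: Nothing in the visible hunks ever removes an entry from `session2user`, so bindings outlive the socket they were created for. Together with the `/authorize` endpoint accepting arbitrary strings as keys, the map can grow without bound and a stale binding stays usable for as long as the process runs. If the disconnect listener (outside this hunk) does not already do so, it should call `session2user.remove(client.getSessionId().toString());`. A one-line comment on the field, `// key: socket.io session id as string; value: user bound via /authorize`, would also help.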
@@ -29,6 +35,7 @@ public class ARSnovaSocketIOServer {
 
 	public ARSnovaSocketIOServer() {
 		config = new Configuration();
+
 	}
 
 	public void startServer() throws Exception {
@@ -46,8 +53,14 @@ public class ARSnovaSocketIOServer {
 					@Override
 					public void onData(SocketIOClient client, Feedback data) {
 						logger.info("setFeedback.onData: Client: {}, message: {}", new Object[] {client, data});
-						sessionService.postFeedback(data.getSessionkey(), data.getValue());
-						server.getBroadcastOperations().sendEvent("updateFeedback", sessionService.getFeedback(data.getSessionkey()));
+						User u = session2user.get(client.getSessionId().toString());
+						if(u == null || sessionService.isUserInSession(u, data.getSessionkey()) == false) {
+							return;
+						}
+						sessionService.postFeedback(data.getSessionkey(), data.getValue(), u);
+						de.thm.arsnova.entities.Feedback fb = sessionService.getFeedback(data.getSessionkey());
+						logger.info("fb: {}", fb);
+						server.getBroadcastOperations().sendEvent("updateFeedback", fb.getValues());
 					}
 		});
 
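Review bot: The new guard in `onData` returns silently when the socket has no bound user or the user is not in the session, so rejected feedback leaves no trace for anyone investigating abuse or a broken client; a line such as `logger.warn("setFeedback rejected: client {} session {}", client.getSessionId(), data.getSessionkey());` before the `return` would fix that. `sessionService.getFeedback(...)` is dereferenced with `fb.getValues()` without a null check, which fails inside the listener if it can return null (not visible here). The result is still sent through `server.getBroadcastOperations()`, which looks like it reaches every connected client rather than only those in `data.getSessionkey()`, so the membership check protects writes but not who receives the values; this is worth confirming. `!sessionService.isUserInSession(...)` reads better than `== false`, and `logger.info("fb: {}", fb)` looks like leftover debug output.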
@@ -88,4 +101,8 @@ public class ARSnovaSocketIOServer {
 	public void setPortNumber(int portNumber) {
 		this.portNumber = portNumber;
 	}
+
+	public boolean authorize(String session, User user) {
+		return session2user.put(session, user) != null;		
+	}
 }
\ No newline at end of file
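Review bot: `authorize` returns `session2user.put(session, user) != null`, but `put` returns the previous value, so the first successful binding yields `false` and the controller answers 503, while only a rebind of an existing key yields 201. `ConcurrentHashMap` also rejects null keys and values with a NullPointerException, so a null `session` or `user` is not handled here. Something like `if (session == null || user == null) return false;` followed by `session2user.put(session, user); return true;` would match what the caller expects. A Javadoc line stating that `session` is the socket.io session id and what the boolean means would prevent the same confusion later.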