diff --git a/src/core/Core.php b/src/core/Core.php
index 473b179..369b573 100644
--- a/src/core/Core.php
+++ b/src/core/Core.php
@@ -3,6 +3,9 @@ namespace core;
 
 use entity\order\Order;
 use entity\user\UserInterface;
+use repository\user\User as UserRepository;
+use repository\user\UserInterface as UserRepositoryInterface;
+use entity\user\User;
 
 /**
  *
@@ -46,8 +49,14 @@ final class Core implements CoreInterface
      */
     private $basket;
     
+    /**
+     * @var UserRepositoryInterface
+     */
+    private $userRepository;
+    
     public function __construct()
     {
+        session_start();
         $this->initTwig();
         $this->initDatabase();
         $this->initUser();
@@ -70,10 +79,18 @@ final class Core implements CoreInterface
      */
     private function initUser(): void
     {
+        $this->userRepository = new UserRepository($this);
         if($_SESSION['user']){
-            $this->user = $_SESSION['user'];
+            $this->user = $this->getUserBySession();
         }
     }
+    
+    private function getUserBySession():UserInterface{
+        $user = new User();
+        $user->setPasswordHash($_SESSION['user']['hash']);
+        $user->setEmail($_SESSION['user']['email']);
+        return $this->userRepository->getUserByMailAndHash($user);
+    }
 
     private function initTwig(): void
     {
@@ -101,9 +118,21 @@ final class Core implements CoreInterface
         return $this->user;
     }
 
+    private function setUserSession():void{
+        if($this->user){
+            $_SESSION['user'] = [
+                'email'=>$this->user->getEmail(),
+                'hash'=>$this->user->getPasswordHash(),
+            ];
+        }else{
+            unset($_SESSION['user']);
+        }
+    }
+    
     public function setUser(?UserInterface $user = null): void
     {
-        $_SESSION['user'] = $this->user = $user;
+        $this->user = $user;
+        $this->setUserSession();
     }
     
     /**
diff --git a/src/core/CoreTest.php b/src/core/CoreTest.php
index edf8e32..455c40e 100644
--- a/src/core/CoreTest.php
+++ b/src/core/CoreTest.php
@@ -26,6 +26,9 @@ class CoreTest extends TestCase
     protected function setUp():void{
         $this->core = new Core();
         $this->user = new User();
+        $this->user->setId(1);
+        $this->user->setEmail('test@mail.test');
+        $this->user->setPasswordHashByPassword('passwort:)');
         $this->core->setUser($this->user);
     }
     
@@ -42,7 +45,7 @@ class CoreTest extends TestCase
     }
     
     public function testSession():void{
-        $this->assertEquals($this->core->getUser(), $_SESSION['user']);
+        $this->assertEquals($this->core->getUser()->getPasswordHash(), $_SESSION['user']['hash']);
     }
 }