diff --git a/TODO.md b/TODO.md
index 7bbbca4..b48eaac 100644
--- a/TODO.md
+++ b/TODO.md
@@ -12,9 +12,8 @@
 [x] Create a `GET /new-project` endpoint that returns a HTML page with a project creation form. Keep it simple.
 [x] Add .env file support using the dotenv crate. Load environment variables on server startup.
 [x] Create a `GET /login` endpoint that returns a simple HTML login form (username and password fields).
-[ ] Create a `POST /login` endpoint that validates credentials against USERNAME and PASSWORD environment variables. On success, set a session cookie.
-[ ] Implement session management. Create a simple in-memory session store that tracks authenticated sessions by cookie token.
-[ ] Add authentication middleware or helper function to check if a request has a valid session cookie.
+[x] Add a rouille::session manager to set a session cookie.
+[ ] Create a `POST /login` endpoint that validates credentials against USERNAME and PASSWORD environment variables.
 [ ] Protect write endpoints (POST /projects, and any future write operations) with authentication. Redirect to /login if not authenticated.
 [ ] Add a login button to the front page (GET /projects) that links to /login.
 [ ] When logged in, show a "Create Project" button on the front page that links to /new-project.
diff --git a/src/main.rs b/src/main.rs
index 1e2e044..5002a5d 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,5 +1,5 @@
 use maud::{DOCTYPE, html};
-use rouille::{router, try_or_400};
+use rouille::{router, try_or_400, session};
 
 mod db;
 mod project;
@@ -14,24 +14,28 @@ fn main() {
     println!("Starting server on localhost:8080");
 
     rouille::start_server("localhost:8080", move |request| {
-        router!(request,
-            (GET) ["/"] => {
-                rouille::Response::redirect_302("/projects")
-            },
-            (GET) ["/main.css"] => {
-                let css = include_bytes!("main.css");
-                rouille::Response::from_data("text/css", css.as_ref())
-            },
-            (GET) ["/project-card.js"] => {
-                let js = include_bytes!("project-card.js");
-                rouille::Response::from_data("application/javascript", js.as_ref())
-            },
-            (GET) ["/projects"] => display_projects(),
-            (GET) ["/new-project"] => new_project_form(),
-            (GET) ["/login"] => login_form(),
-            (POST) ["/projects"] => create_project(request),
-            _ => rouille::Response::empty_404()
-        )
+        // Wrap all requests with session management
+        // This sets a session cookie with a 1-hour timeout
+        session::session(request, "SESSION", 3600, |_session| {
+            router!(request,
+                (GET) ["/"] => {
+                    rouille::Response::redirect_302("/projects")
+                },
+                (GET) ["/main.css"] => {
+                    let css = include_bytes!("main.css");
+                    rouille::Response::from_data("text/css", css.as_ref())
+                },
+                (GET) ["/project-card.js"] => {
+                    let js = include_bytes!("project-card.js");
+                    rouille::Response::from_data("application/javascript", js.as_ref())
+                },
+                (GET) ["/projects"] => display_projects(),
+                (GET) ["/new-project"] => new_project_form(),
+                (GET) ["/login"] => login_form(),
+                (POST) ["/projects"] => create_project(request),
+                _ => rouille::Response::empty_404()
+            )
+        })
     });
 }