diff --git a/cache/lastCache.txt b/cache/lastCache.txt
index f48634d..930d02c 100644
--- a/cache/lastCache.txt
+++ b/cache/lastCache.txt
@@ -1 +1 @@
-1527151147
\ No newline at end of file
+1527608103
\ No newline at end of file
diff --git a/settings/settings.yaml.example b/settings/settings.yaml.example
deleted file mode 100644
index 5bf82aa..0000000
--- a/settings/settings.yaml.example
+++ /dev/null
@@ -1,6 +0,0 @@
-title: MyWebsite
-author: 'Your Name'
-copyright: ©
-year: '2018'
-theme: typemill
-startpage: true
\ No newline at end of file
diff --git a/system/Controllers/AuthController.php b/system/Controllers/AuthController.php
index 1c332fb..777b1ce 100644
--- a/system/Controllers/AuthController.php
+++ b/system/Controllers/AuthController.php
@@ -34,7 +34,7 @@ class AuthController extends Controller
 	*/
 	
 	public function show(Request $request, Response $response, $args)
-	{
+	{	
 		$data 			= array();
 
 		/* check previous login attemps */		
@@ -63,7 +63,7 @@ class AuthController extends Controller
 			}
 		}
 
-		$this->c->view->render($response, '/auth/login.twig', $data);
+		$this->render($response, '/auth/login.twig', $data);
 	}
 	
 	/**
diff --git a/system/Controllers/Controller.php b/system/Controllers/Controller.php
index dc901f6..a0a6990 100644
--- a/system/Controllers/Controller.php
+++ b/system/Controllers/Controller.php
@@ -18,9 +18,17 @@ abstract class Controller
 	protected function render($response, $route, $data)
 	{
 		$data = $this->c->dispatcher->dispatch('onPageReady', new OnPageReady($data))->getData();
-
-		unset($_SESSION['old']);
 		
+		if(isset($_SESSION['old']))
+		{
+			unset($_SESSION['old']);
+		}
+		
+		if($this->c->request->getUri()->getScheme() == 'https')
+		{
+			$response = $response->withAddedHeader('Strict-Transport-Security', 'max-age=63072000');			
+		}
+			
 		$response = $response->withAddedHeader('X-Content-Type-Options', 'nosniff');
 		$response = $response->withAddedHeader('X-Frame-Options', 'SAMEORIGIN');
 		$response = $response->withAddedHeader('X-XSS-Protection', '1;mode=block');
diff --git a/system/author/settings/system.twig b/system/author/settings/system.twig
index e70d23f..c3accb5 100644
--- a/system/author/settings/system.twig
+++ b/system/author/settings/system.twig
@@ -57,6 +57,9 @@
 						{% if errors.settings.language %}
 							<span class="error">{{ errors.settings.language | first }}</span>
 						{% endif %}
+					</div><div class="medium">
+						<label for="settings[sitemap]">Google Sitemap <small>(Readonly)</small></label>
+						<input type="text" name="settings[sitemap]" id="sitemap" readonly value="{{ base_url }}cache/sitemap.xml" />
 					</div><div class="medium">
 						<span class="label">Startpage</span>
 						<label class="control-group">Startpage is designed as landing-page.
diff --git a/system/system.php b/system/system.php
index 17315f7..bb8da25 100644
--- a/system/system.php
+++ b/system/system.php
@@ -3,14 +3,6 @@
 use Typemill\Events\OnSettingsLoaded;
 use Typemill\Events\OnPluginsLoaded;
 
-/************************
-* START SESSION			*
-************************/
-
-ini_set( 'session.cookie_httponly', 1 );
-session_name('typemill_session');
-session_start();
-
 /****************************
 * CREATE EVENT DISPATCHER	*
 ****************************/
@@ -35,17 +27,6 @@ $app = new \Slim\App($settings);
 
 $container = $app->getContainer();
 
-/************************
-* ADD CSRF PROTECTION 	*
-************************/
-
-$container['csrf'] = function ($c) {
-    $guard = new \Slim\Csrf\Guard();
-    $guard->setPersistentTokenMode(true);
-	
-	return $guard;
-};
-
 /************************
 * LOAD PLUGINS 			*
 ************************/
@@ -117,14 +98,52 @@ $container['assets'] = function($c)
 	return new \Typemill\Assets($c['request']->getUri()->getBaseUrl());
 };
 
-/******************************
-* ADD FLASH MESSAGES FOR TIWG *
-******************************/
 
-$container['flash'] = function () 
+/************************
+* 	DECIDE FOR SESSION	*
+************************/
+
+$session_segments = array('setup/', 'tm/');
+$path = $container['request']->getUri()->getPath();
+$container['flash'] = false;
+$container['csrf'] = false;
+
+foreach($session_segments as $segment)
 {
-    return new \Slim\Flash\Messages();
-};
+	if(substr( $path, 0, strlen($segment) ) === $segment)
+	{
+		/* start a session */
+		ini_set( 'session.cookie_httponly', 1 );
+		ini_set('session.use_strict_mode', 1);
+		if($container['request']->getUri()->getScheme() == 'https')
+		{
+			ini_set('session.cookie_secure', 1);
+			session_name('__Secure-typemill-session');
+		}
+		else
+		{
+			session_name('typemill-session');
+		}
+		session_start();
+		
+		/* add csrf-protection */
+		$container['csrf'] = function ($c)
+		{
+			$guard = new \Slim\Csrf\Guard();
+			$guard->setPersistentTokenMode(true);
+			
+			return $guard;
+		};
+		
+		/* add flash to container */
+		$container['flash'] = function () 
+		{
+			return new \Slim\Flash\Messages();
+		};
+				
+		break;
+	}
+}
 
 /************************
 * 	LOAD TWIG VIEW		*
@@ -144,14 +163,17 @@ $container['view'] = function ($container)
     $basePath = rtrim(str_ireplace('index.php', '', $container['request']->getUri()->getBasePath()), '/');
     $view->addExtension(new Slim\Views\TwigExtension($container['router'], $basePath));
 	$view->addExtension(new Twig_Extension_Debug());
-    $view->addExtension(new Typemill\Extensions\TwigCsrfExtension($container['csrf']));
     $view->addExtension(new Typemill\Extensions\TwigUserExtension());
 	
 	/* use {{ base_url() }} in twig templates */
 	$view['base_url'] = $container['request']->getUri()->getBaseUrl();
 	
-	/* add flash messages to all views */
-	$view->getEnvironment()->addGlobal('flash', $container->flash);
+	/* if session route, add flash messages and csrf-protection */
+	if($container['flash'])
+	{
+		$view->getEnvironment()->addGlobal('flash', $container->flash);
+		$view->addExtension(new Typemill\Extensions\TwigCsrfExtension($container['csrf']));
+	}
 
 	/* add asset-function to all views */
 	$view->getEnvironment()->addGlobal('assets', $container->assets);
@@ -183,9 +205,13 @@ foreach($middleware as $pluginMiddleware)
 		$app->add(new $middlewareClass($middlewareParams));
 	}
 }
-$app->add(new \Typemill\Middleware\ValidationErrorsMiddleware($container['view']));
-$app->add(new \Typemill\Middleware\OldInputMiddleware($container['view']));
-$app->add($container->get('csrf'));
+
+if($container['flash'])
+{
+	$app->add(new \Typemill\Middleware\ValidationErrorsMiddleware($container['view']));
+	$app->add(new \Typemill\Middleware\OldInputMiddleware($container['view']));
+	$app->add($container->get('csrf'));	
+}
 
 /************************
 * 	ADD ROUTES			*