diff --git a/.gitignore b/.gitignore
index 58da11c14..b0f80a578 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,4 +3,4 @@ gogs
 *.exe~
 .DS_Store
 *.db
-*.log
+*.log
\ No newline at end of file
diff --git a/routers/user/user.go b/routers/user/user.go
index cf1314086..d2da19d5a 100644
--- a/routers/user/user.go
+++ b/routers/user/user.go
@@ -9,6 +9,7 @@ import (
 	"net/http"
 
 	"github.com/martini-contrib/render"
+	"github.com/martini-contrib/sessions"
 
 	"github.com/gogits/validation"
 
@@ -23,7 +24,7 @@ func Profile(r render.Render) {
 	return
 }
 
-func SignIn(req *http.Request, r render.Render) {
+func SignIn(req *http.Request, r render.Render, session sessions.Session) {
 	if req.Method == "GET" {
 		r.HTML(200, "user/signin", map[string]interface{}{
 			"Title": "Log In",
@@ -31,14 +32,16 @@ func SignIn(req *http.Request, r render.Render) {
 		return
 	}
 
-	// todo sign in
-	_, err := models.LoginUserPlain(req.FormValue("account"), req.FormValue("passwd"))
+	// TODO: LDAP sign in
+	user, err := models.LoginUserPlain(req.FormValue("account"), req.FormValue("passwd"))
 	if err != nil {
 		r.HTML(200, "base/error", map[string]interface{}{
 			"Error": fmt.Sprintf("%v", err),
 		})
 		return
 	}
+	session.Set("userId", user.Id)
+	session.Set("userName", user.Name)
 	r.Redirect("/")
 }
 
diff --git a/web.go b/web.go
index 77226f578..4fca90a29 100644
--- a/web.go
+++ b/web.go
@@ -12,6 +12,7 @@ import (
 	"github.com/codegangsta/cli"
 	"github.com/codegangsta/martini"
 	"github.com/martini-contrib/render"
+	"github.com/martini-contrib/sessions"
 
 	"github.com/gogits/gogs/routers"
 	"github.com/gogits/gogs/routers/repo"
@@ -46,6 +47,10 @@ func runWeb(*cli.Context) {
 	// Middleware.
 	m.Use(render.Renderer(render.Options{Funcs: []template.FuncMap{AppHelpers}}))
 
+	// TODO: should use other store because cookie store is not secure.
+	store := sessions.NewCookieStore([]byte("secret123"))
+	m.Use(sessions.Sessions("my_session", store))
+
 	// Routers.
 	m.Get("/", routers.Dashboard)
 	m.Any("/login", user.SignIn)