diff --git a/geruecht/__init__.py b/geruecht/__init__.py index 6591d64..671f980 100644 --- a/geruecht/__init__.py +++ b/geruecht/__init__.py @@ -1,15 +1,18 @@ from flask import Flask from flask_sqlalchemy import SQLAlchemy from flask_bcrypt import Bcrypt +from flask_cors import CORS from .controller.accesTokenController import AccesTokenController # from flask_login import LoginManager app = Flask(__name__) +CORS(app) # app.config['SECRET_KEY'] = '0a657b97ef546da90b2db91862ad4e29' app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///site.db' db = SQLAlchemy(app) bcrypt = Bcrypt(app) accesTokenController = AccesTokenController() +accesTokenController.start() # login_manager = LoginManager(app) # login_manager.login_view = 'login' # login_manager.login_message_category = 'info' diff --git a/geruecht/controller/accesTokenController.py b/geruecht/controller/accesTokenController.py index 1dfc13c..e7a5c77 100644 --- a/geruecht/controller/accesTokenController.py +++ b/geruecht/controller/accesTokenController.py 
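Review bot: `CORS(app)` is called with no options, which in flask-cors allows every origin on every route, including `/login` and the token-checking `/valid` route added in this commit. Restrict it to the front end that actually needs it, e.g. `CORS(app, origins=["https://frontend.example"])` (placeholder origin), ideally read from configuration. Separately, `accesTokenController.start()` runs at import time, so every process that imports the package starts its own cleanup thread with its own in-memory token list. With more than one worker process, a token issued by one would presumably be unknown to the others, so starting the thread from an explicit application start-up step is safer.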
@@ -1,25 +1,51 @@ from geruecht.model.accessToken import AccessToken from datetime import datetime +import time +from threading import Thread import hashlib -class AccesTokenController(): +class AccesTokenController(Thread): tokenList = None + self.lifetime = 60 def __init__(self): + print("init AccesTokenControlle") + print("init threading") + Thread.__init__(self) self.tokenList = [] def findAccesToken(self, token): + print("search for AccesToken", token) for accToken in self.tokenList: if accToken == token: + print("find AccesToken", accToken, "with token", token) return accToken + print("no AccesToken with", token) return None def createAccesToken(self, user): - time = datetime.ctime(datetime.now()) - token = hashlib.md5((time + user.password).encode('utf-8')).hexdigest() + print("create AccesToken") + now = datetime.ctime(datetime.now()) + token = hashlib.md5((now + user.password).encode('utf-8')).hexdigest() self.tokenList.append(AccessToken(user, token)) print(self.tokenList) + print("finished create AccesToken", token) return token def isSameGroup(self, accToken, group): + print("controll if", accToken, "hase group", group) return True if accToken.user.group == group else False + + def run(self): + while True: + print("start allocate") + for accToken in self.tokenList: + print("controle", accToken) + if (datetime.now() - accToken.timestamp).seconds > self.lifetime: + print("delete", accToken) + self.tokenList.remove(accToken) + else: + print("time is only", (datetime.now() - accToken.timestamp).seconds) + print(self.tokenList) + print("wait") + time.sleep(10) diff --git a/geruecht/model/user.py b/geruecht/model/user.py index 557e434..6c8c9de 100644 --- a/geruecht/model/user.py +++ b/geruecht/model/user.py @@ -12,6 +12,7 @@ class User(db.Model): def toJSON(self): dic = { + "userId": self.userID, "username": self.username, "firstname": self.firstname, "lastname": self.lastname, diff --git a/geruecht/routes.py b/geruecht/routes.py index c3efb3a..967be95 100644 
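Review bot: `createAccesToken` still builds the session token as `hashlib.md5` over a second-resolution `ctime` string plus `user.password`, so it is derived from guessable and stored values rather than being random, and the added `print` calls write every token to stdout. Generate it with `secrets.token_hex(32)` (needs `import secrets`) and keep token values out of the log output. The class-level `self.lifetime = 60` raises NameError as soon as the module is imported, because `self` does not exist in a class body; it should read `lifetime = 60`. In `run`, `self.tokenList.remove(accToken)` mutates the list while it is being iterated, so the entry after each removed token is skipped; `.seconds` also drops the days part of the timedelta, and the list is shared with request threads without a lock. The fence shows the affected places with a `Lock` imported from `threading`; `findAccesToken` should take the same lock.

```python
class AccesTokenController(Thread):
    tokenList = None
    lifetime = 60  # seconds a token stays valid

    def __init__(self):
        # daemon=True so the sweep thread does not keep the process alive
        Thread.__init__(self, daemon=True)
        self.tokenList = []
        self.lock = Lock()

    # … unchanged: findAccesToken (should also hold self.lock), isSameGroup …

    def createAccesToken(self, user):
        # random, unguessable token; not derived from time or the password hash
        token = secrets.token_hex(32)
        with self.lock:
            self.tokenList.append(AccessToken(user, token))
        return token

    def run(self):
        while True:
            now = datetime.now()
            with self.lock:
                # rebuild instead of remove() during iteration
                self.tokenList[:] = [
                    accToken for accToken in self.tokenList
                    if (now - accToken.timestamp).total_seconds() <= self.lifetime
                ]
            time.sleep(10)
```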
--- a/geruecht/routes.py +++ b/geruecht/routes.py @@ -7,6 +7,7 @@ from flask import request, jsonify MONEY = "moneymaster" GASTRO = "gastro" USER = "user" +BAR = "bar" def verifyAccessToken(token, group): accToken = accesTokenController.findAccesToken(token) @@ -31,6 +32,15 @@ def _getFinanzer(): return jsonify(dic) return jsonify({"error": "permission denied"}), 401 +@app.route("/valid", methods=['POST']) +def _valid(): + data = request.get_json() + token = data["token"] + accToken = verifyAccessToken(token, MONEY) + if accToken is not None: + return jsonify(accToken.user.toJSON()) + return jsonify({"error": "permission denied"}), 401 + @app.route("/login", methods=['POST']) def _login(): data = request.get_json() @@ -43,11 +53,11 @@ def _login(): token = accesTokenController.createAccesToken(user) dic = user.toJSON() dic["token"] = token - return jsonify({user.userID: dic}) + return jsonify(dic) else: return jsonify({"error": "wrong password"}), 401 return jsonify({"error": "wrong username"}), 402 - + @app.route("/getFinanzer") def getFinanzer(): diff --git a/geruecht/site.db b/geruecht/site.db index ae21fbe..172ae01 100644 Binary files a/geruecht/site.db and b/geruecht/site.db differ
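Review bot: In the new `_valid` route, `data["token"]` is indexed without checking the request body, so a request with no JSON body or without a `token` field raises and is presumably answered with a 500 instead of the 401 used for a bad token. Read it defensively with `data = request.get_json(silent=True) or {}` and `token = data.get("token")`, and return the 401 response when `token` is None. The `_login` context lines use the same `request.get_json()` pattern and would benefit from the same guard. The route also verifies against `MONEY` only, so a valid token from any other group is rejected; if `/valid` is meant as a general session check, that needs confirming, and a comment such as `# only moneymaster tokens are accepted here` would make the intent explicit.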