diff --git a/auth/session.go b/auth/session.go
index ec3f68b..1783820 100644
--- a/auth/session.go
+++ b/auth/session.go
@@ -22,11 +22,28 @@ type Session struct {
 	ID     string    `json:"id"`
 	UserID string    `json:"user"`
 	Time   time.Time `json:"time"`
+	data   map[string]string
+}
+
+// SetData sets session data
+func (sess *Session) SetData(key, value string) {
+	sess.data[key] = value
+}
+
+// GetData gets session data for the following key
+func (sess *Session) GetData(key string) string {
+	return sess.data[key]
+}
+
+// HasData checks if the session data contains the key
+func (sess *Session) HasData(key string) bool {
+	_, ok := sess.data[key]
+	return ok
 }
 
 // OpenSession creates a new session from the supplied user's ID
 func OpenSession(user *User) *Session {
-	session := &Session{generate.SessionID(), user.FullID(), time.Now()}
+	session := &Session{generate.SessionID(), user.FullID(), time.Now(), make(map[string]string)}
 
 	sessionMutex.Lock()
 	sessions[session.ID] = session
@@ -38,6 +55,8 @@ func OpenSession(user *User) *Session {
 		go cleanup()
 	}
 
+	user.Session = session
+
 	return session
 }
 
diff --git a/auth/user.go b/auth/user.go
index b1cabb8..0d376e2 100644
--- a/auth/user.go
+++ b/auth/user.go
@@ -1,9 +1,11 @@
 package auth
 
+// User represents a logged-in user of the website or app.
 type User struct {
-	ID    string            `json:"id"`
-	Level string            `json:"level"`
-	Data  map[string]string `json:"data"`
+	ID      string            `json:"id"`
+	Level   string            `json:"level"`
+	Data    map[string]string `json:"data"`
+	Session *Session          `json:"-"`
 
 	method    Authenticator
 	loggedOut bool