diff --git a/go.mod b/go.mod
index 85d538c..d9d4a5c 100644
--- a/go.mod
+++ b/go.mod
@@ -10,6 +10,7 @@ require (
 require github.com/mattn/go-sqlite3 v1.14.11 // indirect
 
 require (
+	github.com/google/uuid v1.3.0
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.4 // indirect
 	gorm.io/driver/sqlite v1.2.6
diff --git a/go.sum b/go.sum
index 73d41ff..73a5e04 100644
--- a/go.sum
+++ b/go.sum
@@ -1,6 +1,8 @@
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
+github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
 github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
 github.com/jinzhu/now v1.1.2/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
diff --git a/main.go b/main.go
index ed82d63..98ab9c1 100644
--- a/main.go
+++ b/main.go
@@ -10,7 +10,9 @@ import (
 	"regexp"
 	"strings"
 	"text/template"
+	"time"
 
+	"github.com/google/uuid"
 	"gopkg.in/yaml.v3"
 )
 
@@ -144,8 +146,8 @@ func handler(w http.ResponseWriter, r *http.Request) {
 
 	var tmpl string
 
-	validpath := regexp.MustCompile(`^/(signup|login|hello)$`)
-	m := validpath.FindStringSubmatch(path)
+	anonPath := regexp.MustCompile(`^/(signup|login|hello)$`)
+	m := anonPath.FindStringSubmatch(path)
 
 	if m != nil {
 		userid, err := r.Cookie("user-id")
@@ -181,12 +183,14 @@ func handler(w http.ResponseWriter, r *http.Request) {
 func loginHandler(w http.ResponseWriter, r *http.Request) {
 	userid, err := r.Cookie("user-id")
 	fmt.Print(userid, err)
-	// if err != nil {
-	// 	useridbody := uuid.New()
-	// 	expiration := time.Now().Add(365 * 24 * time.Hour)
-	// 	cookie := http.Cookie{Name: "user-id", Value: useridbody.String(), Expires: expiration}
-	// 	http.SetCookie(w, &cookie)
-	// }
+
+	if errors.As(err, &http.ErrNoCookie) {
+		useridbody := uuid.New()
+		expiration := time.Now().Add(365 * 24 * time.Hour)
+		cookie := http.Cookie{Name: "user-id", Value: useridbody.String(), Expires: expiration}
+		http.SetCookie(w, &cookie)
+		// todo: store in db
+	}
 
 	switch strings.TrimRight(r.URL.Path, "/") {
 	case "/login":