diff --git a/lib/phoenix_api_template_web/auth/set_user.ex b/lib/phoenix_api_template_web/auth/set_user.ex
new file mode 100644
index 0000000..1b8f33d
--- /dev/null
+++ b/lib/phoenix_api_template_web/auth/set_user.ex
@@ -0,0 +1,27 @@
+defmodule PhoenixApiTemplateWeb.Auth.SetUser do
+  import Plug.Conn
+  alias PhoenixApiTemplateWeb.Auth.ErrorResponse
+  alias PhoenixApiTemplate.Accounts
+
+  def init(_options) do
+  end
+
+  def call(conn, _options) do
+    if conn.assigns[:user] do
+      conn
+    else
+      user_id = get_session(conn, :user_id)
+
+      if user_id == nil do
+        raise ErrorResponse.Unauthorized
+      end
+
+      user = Accounts.get_user!(user_id)
+
+      cond do
+        user_id && user -> assign(conn, :user, user)
+        true -> assign(conn, :user, nil)
+      end
+    end
+  end
+end
diff --git a/lib/phoenix_api_template_web/controllers/user_controller.ex b/lib/phoenix_api_template_web/controllers/user_controller.ex
index a347e0b..5a76095 100644
--- a/lib/phoenix_api_template_web/controllers/user_controller.ex
+++ b/lib/phoenix_api_template_web/controllers/user_controller.ex
@@ -29,6 +29,7 @@ defmodule PhoenixApiTemplateWeb.UserController do
     case Guardian.authenticate(email, password) do
       {:ok, user, token} ->
         conn
+        |> Plug.Conn.put_session(:user_id, user.id)
         |> put_status(:ok)
         |> render("user_token.json", %{user: user, token: token})
diff --git a/lib/phoenix_api_template_web/router.ex b/lib/phoenix_api_template_web/router.ex
index 5985fa6..dba4bd6 100644
--- a/lib/phoenix_api_template_web/router.ex
+++ b/lib/phoenix_api_template_web/router.ex
@@ -16,10 +16,12 @@ defmodule PhoenixApiTemplateWeb.Router do
   pipeline :api do
     plug(:accepts, ["json"])
+    plug :fetch_session
   end
   pipeline :auth do
     plug PhoenixApiTemplateWeb.Auth.Pipeline
+    plug PhoenixApiTemplateWeb.Auth.SetUser
   end
   scope "/api", PhoenixApiTemplateWeb do
diff --git a/test_requests/get_user.http b/test_requests/get_user.http
index 7c19f91..900ecd7 100644
--- a/test_requests/get_user.http
+++ b/test_requests/get_user.http
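Review bot: The `cond` at the end of `call/2` has a dead branch: `user_id` has already been rejected when `nil`, and `Accounts.get_user!/1` (the `!` suffix suggests it raises on a missing row, presumably `Ecto.NoResultsError`) returns a struct or raises, so `true -> assign(conn, :user, nil)` can never run, and a stale session id for a deleted user surfaces as an unhandled exception instead of `ErrorResponse.Unauthorized`. Collapse the tail to `assign(conn, :user, Accounts.get_user!(user_id))` and, if `Accounts` offers a non-raising lookup, map its `nil` result to `raise ErrorResponse.Unauthorized` so every missing-user path yields the same 401. Separately, the plug trusts the cookie session's `:user_id` without comparing it to the identity the preceding `Auth.Pipeline` (Guardian-based, judging by `Guardian.authenticate/2` in the controller hunk) established for the same request; if the bearer subject and the session id can diverge, assign the Guardian resource or verify the two agree rather than reading the session alone. `init/1` returning `nil` is accepted by Plug, but `def init(opts), do: opts` is the conventional form.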
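Review bot: The new `put_session(:user_id, user.id)` line stores the authenticated identity in whatever session already exists without rotating its id, which is the classic session-fixation gap at login. Add `|> Plug.Conn.configure_session(renew: true)` immediately before the `put_session` call so a fresh session id is issued once credentials are verified. Stylistically, `Plug.Conn` is already imported into Phoenix controllers (`put_status/2` is called unqualified on the next line), so a bare `put_session(:user_id, user.id)` would match the surrounding pipeline. The enclosing action starts before and ends after this hunk.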
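Review bot: Neither pipeline gains `plug :protect_from_forgery` even though `plug :fetch_session` now makes the cookie session an authentication source for the `:auth` routes, so cookie-bearing cross-site requests to state-changing endpoints are no longer excluded the way a bearer-token-only API excludes them; either add `:protect_from_forgery` here and configure the session cookie with `same_site: "Strict"` where `Plug.Session` is set up in the endpoint (outside this diff), or keep API identity on the bearer token alone. `SetUser`, placed after `Auth.Pipeline`, also relies on `:fetch_session` having already run, which holds only if every scope that pipes through `:auth` pipes through `:api` first; the hunk does not show the scope's `pipe_through` lines, so that ordering should be confirmed. Minor style point: `plug(:accepts, ["json"])` uses the parenthesised form while the new `plug :fetch_session` does not; pick one within the pipeline.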
@@ -1,4 +1,4 @@
-GET http://localhost:4000/api/users/by_id/eae6f03c-6276-48e3-b6df-0797b2f8cb99 HTTP/1.1
+GET http://localhost:4000/api/users/by_id/f0818034-be59-4618-bf16-0632bbef3a72 HTTP/1.1
 content-type: application/json
-Authorization: Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJwaG9lbml4X2FwaV90ZW1wbGF0ZSIsImV4cCI6MTY3OTEzODAxMiwiaWF0IjoxNjc2NzE4ODEyLCJpc3MiOiJwaG9lbml4X2FwaV90ZW1wbGF0ZSIsImp0aSI6ImRmYjc5NDExLTgwY2QtNDNkZC1hYmU0LWMxYjg2OWJhODI4YyIsIm5iZiI6MTY3NjcxODgxMSwic3ViIjoiZWFlNmYwM2MtNjI3Ni00OGUzLWI2ZGYtMDc5N2IyZjhjYjk5IiwidHlwIjoiYWNjZXNzIn0.b1F2a57dv4hCp1015--QPaE3bEVePXNeg-JajkqA_PGxKZx_kJoedLt8KIuCDTVAF-Sn--iWr1miOUowwgbwhA
+Authorization: Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJwaG9lbml4X2FwaV90ZW1wbGF0ZSIsImV4cCI6MTY3OTE1Njk5NiwiaWF0IjoxNjc2NzM3Nzk2LCJpc3MiOiJwaG9lbml4X2FwaV90ZW1wbGF0ZSIsImp0aSI6Ijk0ZjJlOGQ5LTJkZmYtNDM4Zi1hY2Y4LWZiMzAwODJmZDU2YiIsIm5iZiI6MTY3NjczNzc5NSwic3ViIjoiZWFlNmYwM2MtNjI3Ni00OGUzLWI2ZGYtMDc5N2IyZjhjYjk5IiwidHlwIjoiYWNjZXNzIn0.32jNDsUQZemN6V_sR8xZtmlQp1kECPEcS63yCR655HlyWYsaNYCF3t4Wi37to6lmYUuE8QUD0qI3BHkqhroScQ
\ No newline at end of file
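Review bot: The replaced `Authorization: Bearer` line commits a signed access token (HS512 per its header) to the repository; even a short-lived token stays in history and forks, so keep a placeholder such as `Authorization: Bearer {{token}}` and supply the value from the REST client's environment file instead. The same consideration applies to the user id in the request URL if it refers to a real account rather than seed data.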