diff --git a/api/openapi.yaml b/api/openapi.yaml
index 3d94606..3ecd644 100644
--- a/api/openapi.yaml
+++ b/api/openapi.yaml
@@ -94,6 +94,34 @@ paths:
 '500':
 description: Internal Server Error
 parameters: []
+ /api/v1/auth/session:
+ get:
+ summary: Validate current session and return user role
+ description: Check if the current session is valid and return the user's role.
+ operationId: validateSession
+ tags:
+ - Sessions
+ responses:
+ '200':
+ description: Session validation result
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ valid:
+ type: boolean
+ description: Indicates if the current session is valid
+ role:
+ type: string
+ example: "admin"
+ description: The role of the current user
+ nullable: true
+ name:
+ type: string
+ example: "r00t"
+ description: The name of the current user
+ nullable: true
 /api/v1/users:
 get:
 tags:
diff --git a/html/assets/js/api.js b/html/assets/js/api.js
index 48778b9..0b4a1fa 100644
--- a/html/assets/js/api.js
+++ b/html/assets/js/api.js
@@ -33,10 +33,11 @@ window.ctf01d_tp_api.auth_signin = function(auth_data) {
 });
 }
-window.ctf01d_tp_api.auth_session = function() {
+window.ctf01d_tp_api.auth_session = function (auth_data) {
 return $.ajax({
 url: '/api/v1/auth/session',
 method: 'GET',
 contentType: 'application/json',
+ data: JSON.stringify(auth_data),
 });
 }
diff --git a/html/assets/js/index.js b/html/assets/js/index.js
index 56e030d..89ef4cd 100644
--- a/html/assets/js/index.js
+++ b/html/assets/js/index.js
@@ -228,6 +228,6 @@ $(document).ready(function () {
 $('#btn_signin').css({"display": "none"});
 $('#btn_signout').css({"display": "inline-block"});
 $('#btn_profile').css({"display": "inline-block"});
- $('#btn_profile').html(res.username + "(" + res.userrole + ")");
+ $('#btn_profile').html(res.name + " (" + res.role + ")");
 })
-})
\ No newline at end of file
+})
diff --git a/internal/app/handlers/interface.go b/internal/app/handlers/interface.go
index 8b8d2a9..6a04b5e 100644
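Review bot: The new `/api/v1/auth/session` operation in api/openapi.yaml declares only a `'200'` response and leaves `valid` optional, so the contract does not say how a missing or expired session is reported. Make the flag mandatory with `required: [valid]` under the response schema, and either add a `'401'` response or state in the description that an invalid session answers 200 with `valid: false`. No `security` requirement is visible on the operation; if the spec defines a session-cookie scheme outside this hunk, it should be referenced here.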
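Review bot: `data: JSON.stringify(auth_data)` in html/assets/js/api.js is sent with `method: 'GET'`, and jQuery appends `data` to the URL for GET requests, so whatever a caller passes in `auth_data` ends up in the query string, where access logs, proxies and browser history record it. The spec added for this endpoint in the same commit defines no parameters or request body, so the session should be identified by the cookie alone. I would keep the previous signature, `window.ctf01d_tp_api.auth_session = function () {`, and drop the `data:` line.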
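Review bot: `$('#btn_profile').html(res.name + " (" + res.role + ")")` in html/assets/js/index.js writes server-supplied values into the DOM as markup, so a user name containing HTML would be interpreted by the browser; whether names are user-chosen is not visible here, but the spec example suggests they are. Use the text setter instead: `$('#btn_profile').text(res.name + " (" + res.role + ")");`. The spec marks `name` and `role` as nullable, so the callback should also handle null rather than rendering "null (null)". The enclosing callback starts outside the hunk.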
--- a/internal/app/handlers/interface.go
+++ b/internal/app/handlers/interface.go
@@ -42,6 +42,10 @@ func (siw *ServerInterfaceWrapper) PostApiV1AuthSignout(w http.ResponseWriter, r
 siw.handlers.PostApiV1AuthSignout(w, r)
 }
+func (siw *ServerInterfaceWrapper) ValidateSession(w http.ResponseWriter, r *http.Request) {
+ siw.handlers.ValidateSession(w, r)
+}
+
 func (siw *ServerInterfaceWrapper) ListResults(w http.ResponseWriter, r *http.Request) {
 siw.handlers.ListResults(w, r)
 }
diff --git a/internal/app/handlers/sessions.go b/internal/app/handlers/sessions.go
index f2a8375..3c0301d 100644
--- a/internal/app/handlers/sessions.go
+++ b/internal/app/handlers/sessions.go
@@ -66,3 +66,8 @@ func (h *Handlers) PostApiV1AuthSignout(w http.ResponseWriter, r *http.Request)
 })
 api_helpers.RespondWithJSON(w, http.StatusOK, map[string]string{"data": "User logout successful"})
 }
+
+func (h *Handlers) ValidateSession(w http.ResponseWriter, r *http.Request) {
+ // implement me
+ api_helpers.RespondWithJSON(w, http.StatusOK, map[string]string{"role": "Admin", "name": "R00t"})
+}
diff --git a/internal/app/server/server.gen.go b/internal/app/server/server.gen.go
index b71e793..8b3e389 100644
--- a/internal/app/server/server.gen.go
+++ b/internal/app/server/server.gen.go
@@ -263,6 +263,9 @@ type UpdateUserJSONRequestBody = UserRequest // ServerInterface represents all server handlers. type ServerInterface interface { + // Validate current session and return user role + // (GET /api/v1/auth/session) + ValidateSession(w http.ResponseWriter, r *http.Request) // Login user // (POST /api/v1/auth/signin) PostApiV1AuthSignin(w http.ResponseWriter, r *http.Request)
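Review bot: `ValidateSession` in internal/app/handlers/sessions.go answers every request with 200 and the fixed body `{"role": "Admin", "name": "R00t"}` without reading any session state, so a client that is not signed in is still told it is an admin; the index.js change in this commit appears to use that response to switch the page to the signed-in view. The body also omits the `valid` field the spec adds, and its casing differs from the spec examples (`"admin"`, `"r00t"`). Until the lookup exists the stub should fail closed, e.g. `api_helpers.RespondWithJSON(w, http.StatusNotImplemented, map[string]string{"error": "session validation not implemented"})`. I would also replace `// implement me` with a TODO that names what is missing: the session cookie lookup and the role and name taken from that session.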
@@ -347,6 +350,12 @@ type ServerInterface interface { type Unimplemented struct{} +// Validate current session and return user role +// (GET /api/v1/auth/session) +func (_ Unimplemented) ValidateSession(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusNotImplemented) +} + // Login user // (POST /api/v1/auth/signin) func (_ Unimplemented) PostApiV1AuthSignin(w http.ResponseWriter, r *http.Request) { @@ -512,6 +521,21 @@ type ServerInterfaceWrapper struct { type MiddlewareFunc func(http.Handler) http.Handler +// ValidateSession operation middleware +func (siw *ServerInterfaceWrapper) ValidateSession(w http.ResponseWriter, r *http.Request) { + ctx := r.Context() + + handler := http.Handler(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + siw.Handler.ValidateSession(w, r) + })) + + for _, middleware := range siw.HandlerMiddlewares { + handler = middleware(handler) + } + + handler.ServeHTTP(w, r.WithContext(ctx)) +} + // PostApiV1AuthSignin operation middleware func (siw *ServerInterfaceWrapper) PostApiV1AuthSignin(w http.ResponseWriter, r *http.Request) { ctx := r.Context() @@ -1171,6 +1195,9 @@ func HandlerWithOptions(si ServerInterface, options ChiServerOptions) http.Handl ErrorHandlerFunc: options.ErrorHandlerFunc, } + r.Group(func(r chi.Router) { + r.Get(options.BaseURL+"/api/v1/auth/session", wrapper.ValidateSession) + }) r.Group(func(r chi.Router) { r.Post(options.BaseURL+"/api/v1/auth/signin", wrapper.PostApiV1AuthSignin) })