diff --git a/cmd/ck-server/ck-server.go b/cmd/ck-server/ck-server.go
index f68518d..a344673 100644
--- a/cmd/ck-server/ck-server.go
+++ b/cmd/ck-server/ck-server.go
@@ -144,7 +144,14 @@ func dispatchConnection(conn net.Conn, sta *server.State) {
 		return
 	}
 
-	if sesh, existing := user.GetSession(sessionID, mux.MakeObfs(UID), mux.MakeDeobfs(UID), util.ReadTLS); existing {
+	sesh, existing, err := user.GetSession(sessionID, mux.MakeObfs(UID), mux.MakeDeobfs(UID), util.ReadTLS)
+	if err != nil {
+		user.DelSession(sessionID)
+		log.Println(err)
+		return
+	}
+
+	if existing {
 		sesh.AddConnection(conn)
 		return
 	} else {
diff --git a/internal/server/usermanager/user.go b/internal/server/usermanager/user.go
index 5c3dcd2..06efa02 100644
--- a/internal/server/usermanager/user.go
+++ b/internal/server/usermanager/user.go
@@ -1,10 +1,12 @@
 package usermanager
 
 import (
+	"errors"
 	"log"
 	"net"
 	"sync"
 	"sync/atomic"
+	"time"
 
 	mux "github.com/cbeuw/Cloak/internal/multiplex"
 )
@@ -82,17 +84,23 @@ func (u *User) DelSession(sessionID uint32) {
 	u.sessionsM.Unlock()
 }
 
-func (u *User) GetSession(sessionID uint32, obfs mux.Obfser, deobfs mux.Deobfser, obfsedRead func(net.Conn, []byte) (int, error)) (sesh *mux.Session, existing bool) {
-	// TODO: session cap
+func (u *User) GetSession(sessionID uint32, obfs mux.Obfser, deobfs mux.Deobfser, obfsedRead func(net.Conn, []byte) (int, error)) (sesh *mux.Session, existing bool, err error) {
+	if time.Now().Unix() > u.ExpiryTime {
+		return nil, false, errors.New("Expiry time passed")
+	}
 	u.sessionsM.Lock()
 	if sesh = u.sessions[sessionID]; sesh != nil {
 		u.sessionsM.Unlock()
-		return sesh, true
+		return sesh, true, nil
 	} else {
+		if len(u.sessions) >= int(u.SessionsCap) {
+			u.sessionsM.Unlock()
+			return nil, false, errors.New("SessionsCap reached")
+		}
 		log.Printf("Creating session %v\n", sessionID)
 		sesh = mux.MakeSession(sessionID, u.valve, obfs, deobfs, obfsedRead)
 		u.sessions[sessionID] = sesh
 		u.sessionsM.Unlock()
-		return sesh, false
+		return sesh, false, nil
 	}
 }
diff --git a/internal/server/usermanager/userpanel.go b/internal/server/usermanager/userpanel.go
index 37bd315..eeb1e8a 100644
--- a/internal/server/usermanager/userpanel.go
+++ b/internal/server/usermanager/userpanel.go
@@ -117,8 +117,6 @@ func (up *Userpanel) GetAndActivateAdminUser(AdminUID []byte) (*User, error) {
 	return user, nil
 }
 
-// TODO: expiry check
-
 // GetUser is used to retrieve a user if s/he is active, or to retrieve the user's infor
 // from the db and mark it as an active user
 func (up *Userpanel) GetAndActivateUser(UID []byte) (*User, error) {