diff --git a/planetwars-server/src/routes/users.rs b/planetwars-server/src/routes/users.rs
index bc30b28..967710e 100644
--- a/planetwars-server/src/routes/users.rs
+++ b/planetwars-server/src/routes/users.rs
@@ -5,6 +5,7 @@ use axum::extract::{FromRequest, RequestParts, TypedHeader};
 use axum::headers::authorization::Bearer;
 use axum::headers::Authorization;
 use axum::http::StatusCode;
+use axum::response::{Headers, IntoResponse, Response};
 use axum::{async_trait, Json};
 use serde::{Deserialize, Serialize};
 
@@ -70,10 +71,7 @@ pub struct LoginParams {
     pub password: String,
 }
 
-pub async fn login(
-    conn: DatabaseConnection,
-    params: Json<LoginParams>,
-) -> Result<String, StatusCode> {
+pub async fn login(conn: DatabaseConnection, params: Json<LoginParams>) -> Response {
     let credentials = Credentials {
         username: &params.username,
         password: &params.password,
@@ -82,10 +80,13 @@ pub async fn login(
     let authenticated = users::authenticate_user(&credentials, &conn);
 
     match authenticated {
-        None => Err(StatusCode::FORBIDDEN),
+        None => StatusCode::FORBIDDEN.into_response(),
         Some(user) => {
             let session = sessions::create_session(&user, &conn);
-            Ok(session.token)
+            let user_data: UserData = user.into();
+            let headers = Headers(vec![("Token", &session.token)]);
+
+            (headers, Json(user_data)).into_response()
         }
     }
 }
diff --git a/web/pw-server/src/routes/login.svelte b/web/pw-server/src/routes/login.svelte
index 09b1834..da3fc83 100644
--- a/web/pw-server/src/routes/login.svelte
+++ b/web/pw-server/src/routes/login.svelte
@@ -5,8 +5,8 @@
   let username: string | undefined;
   let password: string | undefined;
 
-  const onSubmit = () => {
-    fetch("/api/login", {
+  async function login() {
+    let response = await fetch("/api/login", {
       method: "POST",
       headers: {
         "Content-Type": "application/json",
@@ -15,21 +15,23 @@
         username,
         password,
       }),
-    })
-      .then((response) => {
-        if (!response.ok) {
-          throw Error(response.statusText);
-        }
-        return response.text();
-      })
-      .then((token) => {
-        set_session_token(token);
-        goto("/");
-      });
-  };
+    });
+
+    if (!response.ok) {
+      throw Error(response.statusText);
+    }
+
+    let token = response.headers.get("Token");
+    set_session_token(token);
+
+    let user = await response.json();
+
+    goto("/");
+  }
 
   function loggedIn(): boolean {
-    return get_session_token() != null;
+    let session = get_session_token();
+    return session !== null && session !== undefined;
   }
 </script>
 
@@ -37,7 +39,7 @@
   you are logged in
 {/if}
 
-<form on:submit|preventDefault={onSubmit}>
+<form on:submit|preventDefault={login}>
   <label for="username">Username</label>
   <input name="username" bind:value={username} />
   <label for="password">Password</label>