diff --git a/lab4/twidder/database.db b/lab4/twidder/database.db
index fb8b3a80470a0ee2dd1e55dcbb5893fea291cf33..62e952b66560737a684cb293009fc3c04ec37119 100644
Binary files a/lab4/twidder/database.db and b/lab4/twidder/database.db differ
diff --git a/lab4/twidder/server.py b/lab4/twidder/server.py
index 800329137540a9d7fc914921b47ed1841a909a30..1734acd49c353354949c72267b2701d4fc9f1d70 100644
--- a/lab4/twidder/server.py
+++ b/lab4/twidder/server.py
@@ -51,13 +51,35 @@ def create_response(success, message, data=None):
 def generate_token():
     return secrets.token_urlsafe(32)
 
+def validate_ws(data):
+    user_identifier = data["email"]
+    hashed_data = data["hashed_email"]
+    token = database_helper.get_token(user_identifier)
+    if token:
+        token = token[0]
+        print("ID", user_identifier)
+        print("token", token)
+        data_str_plus_token = user_identifier + token
+        print("data_str_plus_token", data_str_plus_token)
+        reconstructed_hashed_data = hashlib.sha512(
+            data_str_plus_token.encode("utf-8")
+        ).hexdigest()
+        print("hashed_user_id", hashed_data)
+        print("reconstructed", reconstructed_hashed_data)
+        if hashed_data == reconstructed_hashed_data:
+            print("Ws auth successfull")
+            return True
+        else:
+            print("Ws hash missmatch")
+    print("Ws auth failed")
+    return False
 
 def validate_request():
     data = request.args.to_dict() if request.method == "GET" else request.form.to_dict()
     user_identifier = data.get("user_identifier")
     hashed_data = request.headers["Authorization"]
+    print("normal req hashed data", hashed_data)
     token = database_helper.get_token(user_identifier)
-    print("token", token)
     if token:
         token = token[0]
         data_str = ""
@@ -340,6 +362,9 @@ def web_socket():
         ws = request.environ["wsgi.websocket"]
         obj = ws.receive()
         data = json.loads(obj)
+        if not validate_ws(data):
+            print("SHOULD RETURN")
+            return ""
         try:
             active_sockets[data["email"]] = ws
 
diff --git a/lab4/twidder/static/client.js b/lab4/twidder/static/client.js
index 0864b19a61f5650a650c691cd6776574143e9d94..b7d6ccc85182657f43e244a6009f629e618a539f 100644
--- a/lab4/twidder/static/client.js
+++ b/lab4/twidder/static/client.js
@@ -456,6 +456,7 @@ function xmlRequest(url, callback, params, token = null, requestType) {
 
   if (token) {
     let hashed_params = hash_params(params, token);
+    console.log("REQUEST", hashed_params)
     xhttp.setRequestHeader("Authorization", hashed_params);
   }
 
@@ -490,10 +491,14 @@ function connectWebSocket() {
 
   ws.onopen = function () {
     let email = localStorage.getItem("email");
-    let userData = { email: email };
+    let token = localStorage.getItem("token");
+    hashed_email = CryptoJS.SHA512(email + token).toString(CryptoJS.enc.Hex);;
+    console.log("hashed_email", hashed_email)
+    let userData = { email: email, hashed_email: hashed_email};
     ws.send(JSON.stringify(userData));
     console.log("Web socket opened");
 
+    // ping neccessary when using Heroku because of defualt timout on idle connections 
     let clock = setInterval(function () {
       console.log("Ping server");
       ws.send("ping");