diff --git a/Customers/CustomsAviso.aspx.vb b/Customers/CustomsAviso.aspx.vb
index b89c8a5..abe9949 100644
--- a/Customers/CustomsAviso.aspx.vb
+++ b/Customers/CustomsAviso.aspx.vb
@@ -160,28 +160,28 @@ Partial Class Kundenbereich_Default
         dt = Nothing
         If txt_Absender.Text IsNot "" Then
             txt_Absender.ValidateRequestMode = UI.ValidateRequestMode.Enabled
-            Absender = txt_Absender.Text
+            Absender = Server.HtmlEncode(txt_Absender.Text)
         ElseIf txt_Empfaenger.Text IsNot "" Then
             txt_Empfaenger.ValidateRequestMode = UI.ValidateRequestMode.Enabled
-            Empfaenger = txt_Empfaenger.Text
+            Empfaenger = Server.HtmlEncode(txt_Empfaenger.Text)
         ElseIf txt_KdNrAuftrag.Text IsNot "" Then
             txt_KdNrAuftrag.ValidateRequestMode = UI.ValidateRequestMode.Enabled
-            KDNAFNR = txt_KdNrAuftrag.Text
+            KDNAFNR = Server.HtmlEncode(txt_KdNrAuftrag.Text)
         ElseIf txt_LKWNr.Text IsNot "" Then
             txt_LKWNr.ValidateRequestMode = UI.ValidateRequestMode.Enabled
-            LKWNR = txt_LKWNr.Text
+            LKWNR = Server.HtmlEncode(txt_LKWNr.Text)
         ElseIf txt_Absender_M.Text IsNot "" Then
             txt_Absender_M.ValidateRequestMode = UI.ValidateRequestMode.Enabled
-            Absender = txt_Absender_M.Text
+            Absender = Server.HtmlEncode(txt_Absender_M.Text)
         ElseIf txt_Empfaenger_M.Text IsNot "" Then
             txt_Empfaenger_M.ValidateRequestMode = UI.ValidateRequestMode.Enabled
-            Empfaenger = txt_Empfaenger_M.Text
+            Empfaenger = Server.HtmlEncode(txt_Empfaenger_M.Text)
         ElseIf txt_KdNrAuftrag_M.Text IsNot "" Then
             txt_KdNrAuftrag_M.ValidateRequestMode = UI.ValidateRequestMode.Enabled
-            KDNAFNR = txt_KdNrAuftrag_M.Text
+            KDNAFNR = Server.HtmlEncode(txt_KdNrAuftrag_M.Text)
         ElseIf txt_LKWNr_M.Text IsNot "" Then
             txt_LKWNr_M.ValidateRequestMode = UI.ValidateRequestMode.Enabled
-            LKWNR = txt_LKWNr_M.Text
+            LKWNR = Server.HtmlEncode(txt_LKWNr_M.Text)
         End If
 
         If rbt_Alle.Selected = True Or rbt_Alle_M.Selected = True Then
@@ -220,9 +220,9 @@ Partial Class Kundenbereich_Default
             Else
                 Try
                     datevon = Date.Parse(pickdate1.Text)
-                    MsgBox(pickdate1.Text)
+                    'MsgBox(pickdate1.Text)
                     datebis = Date.Parse(pickdate2.Text)
-                    MsgBox(pickdate2.Text)
+                    ' MsgBox(pickdate2.Text)
                     dt = VERAG_PROG_ALLGEMEIN.cAviso.GET_KDLIST_WEB(Art, Kdnrtext, {1}, datevon, datebis, Absender, Empfaenger, LKWNR, KDNAFNR)
                 Catch ex As Exception
                     MsgBox(ex.StackTrace, MsgBoxStyle.Exclamation)
@@ -330,7 +330,7 @@ Partial Class Kundenbereich_Default
             tbl_cellNothing.Style.Add("text-align", "center")
             Dim tr = New TableRow()
             tr.Style.Add("text-align", "center")
-            tbl_cellNothing.Text = "Keine Daten gefunden."
+            tbl_cellNothing.Text = Server.HtmlEncode("Keine Daten gefunden.")
             tr.Cells.Add(tbl_cellNothing)
             normaltable.Rows.Add(tr)
         End If
diff --git a/Web.config b/Web.config
index 6b89d14..e2f3e85 100644
--- a/Web.config
+++ b/Web.config
@@ -27,6 +27,7 @@
     <authentication mode="Forms">
       <forms defaultUrl="admin/admin.aspx" loginUrl="login/Login_FLEX.aspx" slidingExpiration="true" timeout="2880" />
     </authentication>
+	  <sessionState mode="InProc" timeout="2880" cookieless="AutoDetect" regenerateExpiredSessionId="false" compressionEnabled="true"></sessionState>
     <httpRuntime requestValidationMode="2.0" />
     <pages validateRequest="false" controlRenderingCompatibilityVersion="4.0" />
     <!--<securityPolicy>
diff --git a/login/login_FLEX.aspx.vb b/login/login_FLEX.aspx.vb
index ca05fe9..2720a2e 100644
--- a/login/login_FLEX.aspx.vb
+++ b/login/login_FLEX.aspx.vb
@@ -38,16 +38,13 @@ Partial Class login_login_TEST
                             Login1.FailureText = "Account has not been activated."
                             Exit Select
                         Case Else
-                            If Session.IsNewSession = True Then
-                                Session.Add("test", Login1.UserName)
-                                CustomerIDTextBox = Login1.FindControl("CustomerID")
-                                Session.Add("CustomerID", CustomerIDTextBox.Text)
-                                Session.Add("PW", Login1.Password)
-                                FormsAuthentication.RedirectFromLoginPage(Login1.UserName, Login1.RememberMeSet)
-                            Else
-                                FormsAuthentication.RedirectFromLoginPage(Login1.UserName, Login1.RememberMeSet)
-                            End If
 
+                            Session.Add("test", Login1.UserName)
+                                CustomerIDTextBox = Login1.FindControl("CustomerID")
+                            Session.Add("CustomerID", CustomerIDTextBox.Text)
+
+                            Session.Add("PW", Login1.Password)
+                            FormsAuthentication.RedirectFromLoginPage(Login1.UserName, Login1.RememberMeSet)
 
                             'FormsAuthentication.SetAuthCookie(Login1.UserName, True)
                             'Response.Redirect("mypage.aspx")