diff --git a/auth.php b/auth.php
index 8685a86..06ac5b7 100644
--- a/auth.php
+++ b/auth.php
@@ -10,7 +10,7 @@ if(!isset($_COOKIE[$cookie_name])) {
 // Nicht angemeldet
 return false;
 } else {
- $sessionId = $_COOKIE[$cookie_name];
+ $sessionId = filter_var($_COOKIE[$cookie_name], FILTER_SANITIZE_SPECIAL_CHARS);
 include('db.ini.php');
 $conn = new mysqli($dbservername, $dbusername, $dbpassword, $dbname);
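Review bot: `FILTER_SANITIZE_SPECIAL_CHARS` on the added `$sessionId` line HTML-encodes quotes, `<`, `>`, `&` and control characters; it is an output-encoding filter for HTML, not SQL escaping, so it should not be what protects the session lookup that presumably follows the `new mysqli(...)` call (the query is outside the hunk). If that lookup interpolates `$sessionId` into the statement, bind it instead: `$stmt = $conn->prepare('SELECT ... WHERE <session_column> = ?'); $stmt->bind_param('s', $sessionId);`, where the column name is a placeholder. Encoding the cookie also changes its value before it is compared, so I would reject input that does not match the format the application issues rather than rewrite it, for example `if (!is_string($_COOKIE[$cookie_name]) || !ctype_xdigit($_COOKIE[$cookie_name])) { return false; }` if the IDs are hex; the actual format is not visible here. The enclosing `if`/`else` continues past the end of the hunk.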