diff --git a/src/Controller/HomeController.php b/src/Controller/HomeController.php
index b5a180e..a80c1ed 100644
--- a/src/Controller/HomeController.php
+++ b/src/Controller/HomeController.php
@@ -1,12 +1,30 @@
 <?php namespace MapGuesser\Controller;
 
+use MapGuesser\Interfaces\Request\IRequest;
+use MapGuesser\Interfaces\Response\IContent;
 use MapGuesser\Interfaces\Response\IRedirect;
+use MapGuesser\Response\JsonContent;
 use MapGuesser\Response\Redirect;
 
 class HomeController
 {
+    private IRequest $request;
+
+    public function __construct(IRequest $request)
+    {
+        $this->request = $request;
+    }
+
     public function getIndex(): IRedirect
     {
         return new Redirect(\Container::$routeCollection->getRoute('maps')->generateLink(), IRedirect::TEMPORARY);
     }
+
+    public function startSession(): IContent
+    {
+        // session starts with the request, this method just sends valid data to the client
+
+        $data = ['antiCsrfToken' => $this->request->session()->get('anti_csrf_token')];
+        return new JsonContent($data);
+    }
 }
diff --git a/web.php b/web.php
index 279ac51..807d96b 100644
--- a/web.php
+++ b/web.php
@@ -13,6 +13,7 @@ if (!empty($_ENV['DEV'])) {
 Container::$routeCollection = new MapGuesser\Routing\RouteCollection();
 
 Container::$routeCollection->get('index', '', [MapGuesser\Controller\MapsController::class, 'getMaps']);
+Container::$routeCollection->get('startSession', 'startSession.json', [MapGuesser\Controller\HomeController::class, 'startSession']);
 Container::$routeCollection->group('login', function (MapGuesser\Routing\RouteCollection $routeCollection) {
     $routeCollection->get('login', '', [MapGuesser\Controller\LoginController::class, 'getLoginForm']);
     $routeCollection->post('login-action', '', [MapGuesser\Controller\LoginController::class, 'login']);