diff --git a/paramecio/libraries/db/formsutils.py b/paramecio/libraries/db/formsutils.py index ba5678d..29f0653 100644 --- a/paramecio/libraries/db/formsutils.py +++ b/paramecio/libraries/db/formsutils.py @@ -125,6 +125,7 @@ def csrf_token(token_id='csrf_token'): #if not 'csrf_token' in s: s['csrf_token']=create_key_encrypt() + #s.save() return '' diff --git a/paramecio/libraries/httputils.py b/paramecio/libraries/httputils.py index 4055ebc..4a9769f 100644 --- a/paramecio/libraries/httputils.py +++ b/paramecio/libraries/httputils.py @@ -7,7 +7,7 @@ from paramecio.libraries.keyutils import create_key_encrypt from bottle import HTTPResponse no_csrf=False -change_csrf=False +change_csrf=True try: @@ -84,15 +84,22 @@ class GetPostFiles: self.post={} - try: + if not request.json: - self.post=request.forms.decode('utf-8') + try: - except: - - request.forms.recode_unicode=False - self.post=request.forms.decode('utf-8') + self.post=request.forms.decode('utf-8') + + except: + + request.forms.recode_unicode=False + self.post=request.forms.decode('utf-8') + + else: + self.post=request.json + + #print(self.post.keys()) if len(required_post)==0: required_post=self.post.keys() @@ -111,7 +118,7 @@ class GetPostFiles: # Clean csrf_token - del s['csrf_token'] + #del s['csrf_token'] #s.save() diff --git a/paramecio/libraries/sessionplugin.py b/paramecio/libraries/sessionplugin.py index 56e905a..b8e8606 100644 --- a/paramecio/libraries/sessionplugin.py +++ b/paramecio/libraries/sessionplugin.py 
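Review bot: `request.json` is assigned to `self.post` without checking that it decoded to an object, so a JSON body that is a non-empty list, string or number passes `if not request.json` and then fails at `required_post=self.post.keys()` a few lines below. JSON values can also be nested lists or dicts, which later code written for form strings may not expect; that code is outside the hunk, so it needs checking there. I would bind the value once and gate on its type, e.g. `body=request.json` followed by `if isinstance(body, dict): self.post=body`, and use the form path otherwise. The bare `except:` that was re-indented here would be better narrowed to the decode error it is meant to catch. The enclosing method of `GetPostFiles` starts and ends outside the hunk.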
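Review bot: Commenting out `del s['csrf_token']` leaves the token in the session past the point where the code used to clear it, so the same token stays valid for later requests unless something else replaces it. This commit also sets `change_csrf=True` in the same file, which may be the intended replacement, but the code that reads that flag is not visible in these hunks, so the rotation should be confirmed. The `# Clean csrf_token` comment above the line is now stale; I would either delete the dead line and the comment, or replace them with a comment that states the reuse policy, e.g. `# token is kept for the session; rotation is controlled by change_csrf`. The enclosing function starts and ends outside the hunk.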
@@ -20,6 +20,48 @@ def get_session(): return request.environ.get('session', {}) +def session_plugin(callback): + + def wrapper(*args, **kwargs): + + cookie=request.get_cookie(config.cookie_name) + + safe=None + + if not cookie: + session=Session() + else: + + safe=URLSafeTimedSerializer(config.key_encrypt) + try: + session=Session(safe.loads(cookie)) + + if type(session).__name__!='Session': + session=Session() + + except: + session=Session() + + kwargs['session']=session + + #For compatibility with old sessions server-side style. + + request.environ['session']=session + + rv=callback(*args, **kwargs) + + if session.changed: + print('changed') + if not safe: + safe=URLSafeTimedSerializer(config.key_encrypt) + + #if not max_age: + response.set_cookie(config.cookie_name, safe.dumps(session), path=config.session_opts['session.path'], httponly=True) + + return rv + + return wrapper + class SessionPlugin(object): name = 'session'
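Review bot: `safe.loads(cookie)` is called without `max_age`, so the timestamp that `URLSafeTimedSerializer` signs into the cookie is never checked and a session cookie stays acceptable for as long as `config.key_encrypt` is unchanged; the commented `#if not max_age:` suggests this was planned. I would pass a lifetime, `session=Session(safe.loads(cookie, max_age=SESSION_LIFETIME_SECONDS))` (placeholder name, the real setting is not on this page), and narrow the bare `except:` to `except BadData:` from itsdangerous so unrelated errors are not silently turned into an empty session. The cookie is written with `httponly=True` but without `secure=True`, which is worth adding where the site is served over HTTPS. The `type(session).__name__!='Session'` test comes right after `Session(...)` is constructed and so looks like it can never be true, and `print('changed')` reads like leftover debugging. Since the serializer signs but does not encrypt, anything stored in the session becomes readable by the browser; a comment saying so above `safe.dumps(session)` would help.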