Maybe someone has already done this? Could someone help me a little bit? Then I'd be glad to make a PR for the ktor-examples on Github to have this there as well for the future.

Do sessions work for your intent? https://ktor.io/servers/features/sessions.html#usage

What I try to achieve is the following: • For authentication, a POST must be sent to

/auth

with the credentials in the body • A session token is created which is stored in a cookie • When no session token is available in the cookie (except for

/auth

) a 401 should be sent to the client I guess the

401

handling should be somehow done by the Ktor framework.

Ahh, yeah you may want to checkout

ktor-auth

and define which routes require authentication through that

Cool Thx.