diff --git a/index.php b/index.php index cf05e8da..6e16229f 100644 --- a/index.php +++ b/index.php @@ -48,14 +48,11 @@ if (file_exists($configPath)) { */ session_start( array( - 'name' => 'wishthis', - 'read_and_close' => true, + 'name' => 'wishthis' ) ); -if (!isset($_SESSION['user'])) { - $_SESSION['user'] = new User(); -} +$user = User::getCurrent(); /** * Database @@ -85,7 +82,7 @@ if ( /** * Persistent (stay logged in) */ -if (isset($_COOKIE[COOKIE_PERSISTENT]) && $database && !$_SESSION['user']->isLoggedIn()) { +if (isset($_COOKIE[COOKIE_PERSISTENT]) && $database && !$user->isLoggedIn()) { $sessions = $database ->query( 'SELECT * @@ -102,7 +99,7 @@ if (isset($_COOKIE[COOKIE_PERSISTENT]) && $database && !$_SESSION['user']->isLog $expires = strtotime($session['expires']); if (time() < $expires) { - $_SESSION['user'] = User::getFromID($session['user']); + $user = User::getFromID($session['user']); break; } @@ -130,7 +127,7 @@ $locales = array_filter( ) ); -$locale = isset($_REQUEST['locale']) ? $_REQUEST['locale'] : \Locale::lookup($locales, $_SESSION['user']->getLocale(), false, 'en_GB'); +$locale = isset($_REQUEST['locale']) ? $_REQUEST['locale'] : \Locale::lookup($locales, $user->getLocale(), false, 'en_GB'); /** * Wish diff --git a/src/api/blog.php b/src/api/blog.php index 85320d30..90b39eae 100644 --- a/src/api/blog.php +++ b/src/api/blog.php @@ -15,8 +15,10 @@ if (!isset($page)) { die('Direct access to this location is not allowed.'); } +$user = User::getCurrent(); + $dateFormatter = new \IntlDateFormatter( - $_SESSION['user']->getLocale(), + $user->getLocale(), \IntlDateFormatter::MEDIUM, \IntlDateFormatter::NONE ); diff --git a/src/api/save-preview.php b/src/api/save-preview.php index 44f10b4c..da362de4 100644 --- a/src/api/save-preview.php +++ b/src/api/save-preview.php 
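Review bot: In the persistent-login hunk of index.php, `$user = User::getFromID($session['user']);` only rebinds the local variable, whereas the line it replaces wrote the restored user into `$_SESSION['user']`; every page and API handler in this commit now reads the user through `User::getCurrent()`, which returns `$_SESSION['user']`, so a visitor restored from the cookie would look logged in to index.php but anonymous everywhere else, unless `getFromID()` writes the session itself (not visible here). Suggest `$user = User::getFromID($session['user']); $_SESSION['user'] = $user;`. Since the persistent token is the PHP session id itself (see `setcookie(COOKIE_PERSISTENT, session_id(), ...)` in `User::logIn`), a `session_regenerate_id(true);` after the restore would also stop a pre-login session id from surviving as an authenticated one. The `sessions` query that feeds this loop continues outside the hunk.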
@@ -15,6 +15,8 @@ if (!isset($page)) { die('Direct access to this location is not allowed.'); } +$user = User::getCurrent(); + switch ($_SERVER['REQUEST_METHOD']) { case 'POST': if (isset($_POST['preview'], $_POST['page'])) { @@ -36,7 +38,7 @@ switch ($_SERVER['REQUEST_METHOD']) { $preview_create = true; } - if ($preview_create && $_SESSION['user']->power >= $page->power) { + if ($preview_create && $user->power >= $page->power) { file_put_contents($preview_filepath, $preview); } } diff --git a/src/api/statistics.php b/src/api/statistics.php index 40979914..e616794d 100644 --- a/src/api/statistics.php +++ b/src/api/statistics.php @@ -15,6 +15,8 @@ if (!isset($page)) { die('Direct access to this location is not allowed.'); } +$user = User::getCurrent(); + switch ($_SERVER['REQUEST_METHOD']) { case 'GET': if (isset($_GET['table'])) { @@ -41,12 +43,12 @@ switch ($_SERVER['REQUEST_METHOD']) { /** Get last modified */ $user_time_zome = new \IntlDateFormatter( - $_SESSION['user']->getLocale() + $user->getLocale() ); $user_time_zome = $user_time_zome->getTimeZoneId(); $datetimeFormatter = new \IntlDateFormatter( - $_SESSION['user']->getLocale(), + $user->getLocale(), \IntlDateFormatter::RELATIVE_FULL, \IntlDateFormatter::SHORT, $user_time_zome diff --git a/src/api/wishlists-saved.php b/src/api/wishlists-saved.php index 9fa5af36..bf7cb107 100644 --- a/src/api/wishlists-saved.php +++ b/src/api/wishlists-saved.php @@ -15,12 +15,14 @@ if (!isset($page)) { die('Direct access to this location is not allowed.'); } +$user = User::getCurrent(); + switch ($_SERVER['REQUEST_METHOD']) { case 'GET': /** * Get */ - $response['data'] = $_SESSION['user']->getSavedWishlists(); + $response['data'] = $user->getSavedWishlists(); break; case 'POST': @@ -60,7 +62,7 @@ switch ($_SERVER['REQUEST_METHOD']) { :wishlist_id );', array( - 'user_id' => $_SESSION['user']->id, + 'user_id' => $user->id, 'wishlist_id' => Sanitiser::getNumber($_POST['wishlist']), ) ); 
diff --git a/src/api/wishlists.php b/src/api/wishlists.php index 22d84b04..6efa5e04 100644 --- a/src/api/wishlists.php +++ b/src/api/wishlists.php @@ -10,13 +10,15 @@ namespace wishthis; global $page, $database; +$user = User::getCurrent(); + switch ($_SERVER['REQUEST_METHOD']) { case 'POST': - if (isset($_POST['wishlist-name'], $_SESSION['user']->id)) { + if (isset($_POST['wishlist-name'], $user->id)) { /** * Create */ - $user_id = Sanitiser::getNumber($_SESSION['user']->id); + $user_id = Sanitiser::getNumber($user->id); $wishlist_name = Sanitiser::getTitle($_POST['wishlist-name']); $wishlist_hash = sha1(time() . $user_id . $wishlist_name); @@ -134,7 +136,7 @@ switch ($_SERVER['REQUEST_METHOD']) { if ($wishlist->exists) { /** Determine if user is allowed to access wishlist */ - if ($_SESSION['user']->isLoggedIn() && $_SESSION['user']->id === $wishlist->user) { + if ($user->isLoggedIn() && $user->id === $wishlist->user) { $response['results'] = $wishlist; } else { http_response_code(403); @@ -153,11 +155,11 @@ switch ($_SERVER['REQUEST_METHOD']) { } else { http_response_code(404); } - } elseif (isset($_GET['userid']) || isset($_SESSION['user']->id)) { + } elseif (isset($_GET['userid']) || isset($user->id)) { /** * Get user wishlists */ - $user = $_SESSION['user']; + $user = $user; if (!$user->isLoggedIn()) { $this->response(403); diff --git a/src/classes/wishthis/Database.php b/src/classes/wishthis/Database.php index 68b8d262..f14eb5c4 100644 --- a/src/classes/wishthis/Database.php +++ b/src/classes/wishthis/Database.php @@ -34,7 +34,7 @@ class Database $this->pdo = new \PDO($dsn, $this->user, $this->password, $options); } - public function query(string $query, array $placeholders = array()): \PDOStatement + public function query(string $query, array $placeholders = array()): \PDOStatement|false { $statement = $this->pdo->prepare($query, array(\PDO::FETCH_ASSOC)); 
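Review bot: `$user = $user;` in the user-wishlists branch of src/api/wishlists.php is a self-assignment left over from replacing `$_SESSION['user']` and should simply be deleted. The following `$this->response(403)` is a context line, but this file declares no class, so that branch would fatal on `$this` instead of sending a 403 — worth fixing while here, e.g. `http_response_code(403);` as the wishlist-access branch a few lines above already does. The enclosing switch continues outside the hunk.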
diff --git a/src/classes/wishthis/Page.php b/src/classes/wishthis/Page.php index 0a4cb6b3..cbe0ad41 100644 --- a/src/classes/wishthis/Page.php +++ b/src/classes/wishthis/Page.php @@ -153,7 +153,7 @@ class Page /** * Session */ - $user = isset($_SESSION['user']->id) ? $_SESSION['user'] : new User(); + $user = User::getCurrent(); /** * Login @@ -279,7 +279,7 @@ class Page { global $locales; - $user = isset($_SESSION['user']->id) ? $_SESSION['user'] : new User(); + $user = User::getCurrent(); ?> @@ -424,7 +424,7 @@ class Page public function navigation(): void { - $user = isset($_SESSION['user']->id) ? $_SESSION['user'] : new User(); + $user = User::getCurrent(); $wishlists = Navigation::Wishlists->value; $blog = Navigation::Blog->value; diff --git a/src/classes/wishthis/User.php b/src/classes/wishthis/User.php index 5c50737c..b8a08e66 100644 --- a/src/classes/wishthis/User.php +++ b/src/classes/wishthis/User.php @@ -41,6 +41,16 @@ class User return sha1($plainPassword); } + public static function getCurrent(): self { + if (!isset($_SESSION['user'])) { + $_SESSION['user'] = new self(); + } + + $user = $_SESSION['user']; + + return $user; + } + /** * The users unique ID. * @@ -235,7 +245,7 @@ class User */ public function isLoggedIn(): bool { - return isset($_SESSION['user']->id) && $_SESSION['user']->id >= 1; + return isset($this->id) && $this->id >= 1; } /** 
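Review bot: `User::getCurrent()` has no docblock, and its one non-obvious property deserves stating: callers receive the very object stored in `$_SESSION['user']`, so assignments such as `$user->birthdate = ...` in profile.php persist into the session without any explicit write-back. Suggested docblock: `/** Returns the User stored in the session, creating an anonymous one on first use. The returned object is the session's own instance, so mutating it mutates the session. */`. The `$user = $_SESSION['user']; return $user;` pair can be collapsed to `return $_SESSION['user'];`.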
@@ -300,6 +310,117 @@ class User ?: $this->email; } + /** + * Attempts to log in the user. Return whether it was successful or not. + * + * @return bool Whether the log in was successful. + */ + public function logIn(string $email = '', string $password = '', bool $user_login_is_persistent = false): bool { + global $database; + + $login_was_successful = false; + + if ('' === $email && '' === $password && isset($this->email, $this->password)) { + $email = $this->email; + $password = $this->password; + } + + /** + * Update the `last_login` column before fetching the user, so it's up + * to date for the session and later usage. + * + * If this fails, we are assuming the user credentials are wrong or that + * the user does not exist. + */ + $update_last_login = $database + ->query( + 'UPDATE `users` + SET `last_login` = NOW() + WHERE `email` = :user_email + AND `password` = :user_password;', + array( + 'user_email' => $email, + 'user_password' => $password, + ) + ); + + /** + * Updating the `last_login` column in the database has failed and we + * are now assuming that the credentials are wrong or that the user does + * not exist. + */ + if (false === $update_last_login) { + return $login_was_successful; + } + + /** + * The credentials seem fine, so we are fetching the user fields now. + */ + $user_database_fields = $database + ->query( + 'SELECT * + FROM `users` + WHERE `email` = :user_email + AND `password` = :user_password;', + array( + 'user_email' => $email, + 'user_password' => $password, + ) + ) + ->fetch(); + + /** + * Create a `User` object instance and assign it for later use. 
+ */ + if (\is_array($user_database_fields)) { + $this->__construct($user_database_fields); + + $_SESSION['user'] = $this; + + $login_was_successful = true; + } + + /** + * Make the session persist + */ + if ($user_login_is_persistent) { + /** Cookie options */ + $sessionLifetime = 2592000 * 4; // 4 Months + $sessionExpires = time() + $sessionLifetime; + $sessionIsDev = defined('ENV_IS_DEV') && ENV_IS_DEV || '127.0.0.1' === $_SERVER['REMOTE_ADDR']; + $sessionOptions = array ( + 'domain' => getCookieDomain(), + 'expires' => $sessionExpires, + 'httponly' => true, + 'path' => '/', + 'samesite' => 'None', + 'secure' => !$sessionIsDev, + ); + + /** Set cookie */ + setcookie(COOKIE_PERSISTENT, session_id(), $sessionOptions); + + $database->query( + 'INSERT INTO `sessions` ( + `user`, + `session`, + `expires` + ) VALUES ( + :user_id, + :session_id, + :session_expires + );', + array( + 'user_id' => $this->id, + 'session_id' => session_id(), + 'session_expires' => date('Y-m-d H:i:s', $sessionExpires), + ) + ); + } + + return $login_was_successful; + } + public function logOut(): void { /** Destroy session */ @@ -335,4 +456,12 @@ class User ) ); } + + public function getEmail(): string { + return $this->email; + } + + public function getPassword(): string { + return $this->password; + } } diff --git a/src/classes/wishthis/Wish.php b/src/classes/wishthis/Wish.php index b118ee80..aeb5b45c 100644 --- a/src/classes/wishthis/Wish.php +++ b/src/classes/wishthis/Wish.php @@ -192,11 +192,12 @@ class Wish ob_start(); $userCard = User::getFromID($ofUser); + $userCurrent = User::getCurrent(); $numberFormatter = new \NumberFormatter( $userCard->getLocale() . '@currency=' . $userCard->getCurrency(), \NumberFormatter::CURRENCY ); - $userIsCurrent = isset($_SESSION['user']->id) && $_SESSION['user']->id === $userCard->id; + $userIsCurrent = isset($userCurrent->id) && $userCurrent->id === $userCard->id; /** * Card 
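Review bot: In `User::logIn()` the persistence block under `if ($user_login_is_persistent)` runs whether or not the credentials matched, so a failed login with "stay logged in" ticked still sets `COOKIE_PERSISTENT` and inserts a `sessions` row whose `user` is this object's unset `$this->id`; gate it with `if ($login_was_successful && $user_login_is_persistent) {`. The earlier `false === $update_last_login` guard does not detect wrong credentials: an UPDATE that matches zero rows still yields a `\PDOStatement` (per `Database::query`'s new `\PDOStatement|false` type, `false` appears to mean prepare/execute failure), so the only real credential check is `\is_array($user_database_fields)` and the two comments saying otherwise should be corrected. Add `session_regenerate_id(true);` before minting the persistent cookie so a session id fixed before login is not promoted to a four-month token. Note also that the no-argument path re-authenticates with the stored `$this->password` hash (used by login-as.php), which makes the stored hash a password-equivalent; `passwordToHash` is outside this hunk but its `sha1($plainPassword)` is why that matters.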
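Review bot: `getPassword()` declares a non-nullable `string` return, yet an anonymous `User` created by `getCurrent()` never has `password` set, so calling it on a logged-out user throws rather than returning an empty value; `getEmail()` has the same problem. Because `logIn()` compares this value directly against the `password` column, the hash is effectively a credential, and a public getter for it should at least carry an `@internal` docblock note or be dropped if only `logIn()`'s no-argument branch needs it. If it stays, `public function getPassword(): ?string { return $this->password ?? null; }` avoids the TypeError.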
diff --git a/src/classes/wishthis/Wishlist.php b/src/classes/wishthis/Wishlist.php index f42897b8..a5524764 100644 --- a/src/classes/wishthis/Wishlist.php +++ b/src/classes/wishthis/Wishlist.php @@ -120,12 +120,14 @@ class Wishlist ) )'; - if ($_SESSION['user']->isLoggedIn()) { + $user = User::getCurrent(); + + if ($user->isLoggedIn()) { $wishlist_ids = array_map( function ($wishlist_data) { return intval($wishlist_data['id']); }, - $_SESSION['user']->getWishlists() + $user->getWishlists() ); /** Show all wishes (except fulfilled) */ diff --git a/src/functions/getWishlistNameSuggestion.php b/src/functions/getWishlistNameSuggestion.php index d5e003b4..194dd0e5 100644 --- a/src/functions/getWishlistNameSuggestion.php +++ b/src/functions/getWishlistNameSuggestion.php @@ -10,7 +10,7 @@ namespace wishthis; function getWishlistNameSuggestion(): string { - $user = isset($_SESSION['user']->id) ? $_SESSION['user'] : new User(); + $user = User::getCurrent(); $now = time(); $month = date('n'); $name = ''; diff --git a/src/functions/gettext.php b/src/functions/gettext.php index 716ad9ba..4dcc8145 100644 --- a/src/functions/gettext.php +++ b/src/functions/gettext.php @@ -9,7 +9,7 @@ namespace wishthis; function __(string $text, string $context = null, User $user = null): string { if (null === $user) { - $user = isset($_SESSION['user']->id) ? $_SESSION['user'] : new User(); + $user = User::getCurrent(); } if (null !== $user->translations) { diff --git a/src/functions/redirect.php b/src/functions/redirect.php index be639c2f..70886604 100644 --- a/src/functions/redirect.php +++ b/src/functions/redirect.php @@ -10,7 +10,7 @@ use wishthis\User; function redirect(string $target) { - $user = isset($_SESSION['user']->id) ? $_SESSION['user'] : new User(); + $user = User::getCurrent(); /** * Redirect user based on channel setting diff --git a/src/pages/blog.php b/src/pages/blog.php index 66f7b00b..e299cf20 100644 --- a/src/pages/blog.php +++ b/src/pages/blog.php 
@@ -14,8 +14,9 @@ $page->bodyStart(); $page->navigation(); $posts = Blog::getPosts(); +$user = User::getCurrent(); -if ('en' !== \Locale::getPrimaryLanguage($_SESSION['user']->getLocale())) { +if ('en' !== \Locale::getPrimaryLanguage($user->getLocale())) { $page->messages[] = Page::warning( sprintf( /** TRANSLATORS: %s: Language, most likely English */ @@ -37,7 +38,7 @@ if ('en' !== \Locale::getPrimaryLanguage($_SESSION['user']->getLocale())) { getLocale(), + $user->getLocale(), \IntlDateFormatter::MEDIUM, \IntlDateFormatter::NONE ); diff --git a/src/pages/home.php b/src/pages/home.php index c330fd04..2505caed 100644 --- a/src/pages/home.php +++ b/src/pages/home.php @@ -12,6 +12,8 @@ $page = new Page(__FILE__, __('Home')); $page->header(); $page->bodyStart(); $page->navigation(); + +$user = User::getCurrent(); ?>
@@ -26,7 +28,7 @@ $page->navigation();

- isLoggedIn()) { ?> + isLoggedIn()) { ?>
navigation(); ORDER BY `wishes`.`edited` DESC LIMIT 1;', array( - 'user_id' => $_SESSION['user']->id, + 'user_id' => $user->id, ) ); @@ -209,9 +211,9 @@ $page->navigation(); getLocale(); + $locale_user = $user->getLocale(); - if ($_SESSION['user']->isLoggedIn() && $locale_browser !== $locale_user && in_array($locale_browser, $locales, true)) { + if ($user->isLoggedIn() && $locale_browser !== $locale_user && in_array($locale_browser, $locales, true)) { ?>

@@ -221,7 +223,7 @@ $page->navigation(); printf( /** TRANSLATORS: %s: the users display name */ __('Yes, I mean you, %s.'), - $_SESSION['user']->getDisplayName() + $user->getDisplayName() ); ?>

diff --git a/src/pages/login-as.php b/src/pages/login-as.php index dc576101..f1b2c63d 100644 --- a/src/pages/login-as.php +++ b/src/pages/login-as.php @@ -9,6 +9,7 @@ namespace wishthis; $page = new Page(__FILE__, __('Login as'), 100); +$user = User::getCurrent(); if (isset($_POST['email'])) { $email = Sanitiser::getEmail($_POST['email']); @@ -28,7 +29,8 @@ if (isset($_POST['email'])) { if ($success) { $fields = $userQuery->fetch(); - $_SESSION['user'] = new User($fields); + $user = new User($fields); + $user->logIn(); } } @@ -55,7 +57,7 @@ $users = $database email), __('Success')); + echo Page::success(sprintf(__('Successfully logged in as %s.'), $user->email), __('Success')); } else { echo Page::error(__('User not found!'), __('Error')); } diff --git a/src/pages/login.php b/src/pages/login.php index e279b462..a74c26b9 100644 --- a/src/pages/login.php +++ b/src/pages/login.php 
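Review bot: In login-as.php the return value of `$user->logIn()` is ignored, so if the no-argument re-authentication fails (`logIn()` returns `false` and leaves `$_SESSION['user']` untouched) the page still prints "Successfully logged in as …" for `$user->email`; use `if ($success && $user->logIn()) {` or check the result before the message. This path also runs `logIn()`'s `UPDATE users SET last_login = NOW()` for the impersonated account, so an admin impersonation becomes indistinguishable from a real login in that column — if that matters for auditing, give impersonation its own branch that skips the update. The rest of the POST handling is outside the hunk.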
@@ -14,94 +14,13 @@ $page = new Page(__FILE__, __('Login')); * Login */ if (isset($_POST['login'], $_POST['email'], $_POST['password'])) { - $email = Sanitiser::getEmail($_POST['email']); - $password = User::passwordToHash($_POST['password']); + $user_email = \filter_input(\INPUT_POST, 'email', FILTER_SANITIZE_EMAIL); + $user_password = User::passwordToHash($_POST['password']); + $user_login_is_persistent = isset($_POST['persistent']); - $database - ->query( - 'UPDATE `users` - SET `last_login` = NOW() - WHERE `email` = :user_email - AND `password` = :user_password;', - array( - 'user_email' => $email, - 'user_password' => $password, - ) - ); + $user->login($user_email, $user_password, $user_login_is_persistent); - $fields = $database - ->query( - 'SELECT * - FROM `users` - WHERE `email` = :user_email - AND `password` = :user_password;', - array( - 'user_email' => $email, - 'user_password' => $password, - ) - ) - ->fetch(); - - $success = is_array($fields); - - if ($success) { - $_SESSION['user'] = new User($fields); - - /** - * Persisent session - */ - if (isset($_POST['persistent'])) { - /** Cookie options */ - $sessionLifetime = 2592000 * 4; // 4 Months - $sessionExpires = time() + $sessionLifetime; - $sessionIsDev = defined('ENV_IS_DEV') && ENV_IS_DEV || '127.0.0.1' === $_SERVER['REMOTE_ADDR']; - $sessionOptions = array ( - 'domain' => getCookieDomain(), - 'expires' => $sessionExpires, - 'httponly' => true, - 'path' => '/', - 'samesite' => 'None', - 'secure' => !$sessionIsDev, - ); - - /** Set cookie */ - setcookie(COOKIE_PERSISTENT, session_id(), $sessionOptions); - - /** Column sessions.expires was added in v0.7.1. 
*/ - if ($database->columnExists('sessions', 'expires')) { - $database->query( - 'INSERT INTO `sessions` ( - `user`, - `session`, - `expires` - ) VALUES ( - :user_id, - :session_id, - :session_expires - );', - array( - 'user_id' => $_SESSION['user']->id, - 'session_id' => session_id(), - 'session_expires' => date('Y-m-d H:i:s', $sessionExpires), - ) - ); - } else { - $database->query( - 'INSERT INTO `sessions` ( - `user`, - `session` - ) VALUES ( - :user_id, - :session_id - );', - array( - 'user_id' => $_SESSION['user']->id, - 'session_id' => session_id(), - ) - ); - } - } - } else { + if (!$user->isLoggedIn()) { $page->messages[] = Page::error( __('No user could be found with the credentials you provided.'), __('Invalid credentials'), @@ -109,7 +28,7 @@ if (isset($_POST['login'], $_POST['email'], $_POST['password'])) { } } -if ($_SESSION['user']->isLoggedIn()) { +if ($user->isLoggedIn()) { if (isset($_SESSION['REDIRECT_URL'])) { redirect($_SESSION['REDIRECT_URL']); } else { diff --git a/src/pages/logout.php b/src/pages/logout.php index aac1a4d0..d6abb0e5 100644 --- a/src/pages/logout.php +++ b/src/pages/logout.php @@ -9,8 +9,8 @@ namespace wishthis; $page = new Page(__FILE__, __('Logout')); - -$_SESSION['user']->logOut(); +$user = User::getCurrent(); +$user->logOut(); $page->header(); $page->bodyStart(); diff --git a/src/pages/parts/wishlist.php b/src/pages/parts/wishlist.php index d3d816f0..f8bf131c 100644 --- a/src/pages/parts/wishlist.php +++ b/src/pages/parts/wishlist.php @@ -6,10 +6,11 @@ namespace wishthis; +$user = User::getCurrent(); ?> -isLoggedIn()) { ?> - +isLoggedIn()) { ?> +
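Review bot: `\filter_input(\INPUT_POST, 'email', FILTER_SANITIZE_EMAIL)` in login.php returns `null` or `false` when the field is absent or filtering fails, and that value is passed straight to `logIn(string $email, ...)` — a `TypeError` under `strict_types`, a silent `''` without it; guard with `$user_email = (string) (\filter_input(\INPUT_POST, 'email', FILTER_SANITIZE_EMAIL) ?: '');` or keep `Sanitiser::getEmail()` as login-as.php still does. `$user` is never assigned in this file; it works only because index.php's `$user = User::getCurrent();` is in global scope, whereas every other page in this commit calls `User::getCurrent()` locally, so a `$user = User::getCurrent();` after `$page = new Page(...)` would make the dependency explicit. `$user->login(...)` resolves to `logIn()` only because PHP method names are case-insensitive; match the declared name.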
diff --git a/src/pages/power.php b/src/pages/power.php index 93256348..c7b4e7df 100644 --- a/src/pages/power.php +++ b/src/pages/power.php @@ -12,6 +12,8 @@ $page = new Page(__FILE__, __('Insufficient power')); $page->header(); $page->bodyStart(); $page->navigation(); + +$user = User::getCurrent(); ?>
@@ -20,7 +22,7 @@ $page->navigation();

-

' . $_GET['required'] . '', '' . $_SESSION['user']->power . '') ?>

+

' . $_GET['required'] . '', '' . $user->power . '') ?>

diff --git a/src/pages/profile.php b/src/pages/profile.php index 4a9b12bc..6b3c951d 100644 --- a/src/pages/profile.php +++ b/src/pages/profile.php @@ -9,6 +9,7 @@ namespace wishthis; $page = new Page(__FILE__, __('Profile'), 1); +$user = User::getCurrent(); if (isset($_POST['user-id'], $_POST['section'])) { $set = array(); @@ -37,10 +38,10 @@ if (isset($_POST['user-id'], $_POST['section'])) { $loginRequired = false; foreach ($formFieldsString as $field) { - if (!empty($_POST[$field['key']]) && $_POST[$field['key']] !== $_SESSION['user']->{$field['column']}) { + if (!empty($_POST[$field['key']]) && $_POST[$field['key']] !== $user->{$field['column']}) { $set[] = '`' . $field['column'] . '` = "' . $_POST[$field['key']] . '"'; - $_SESSION['user']->{$field['column']} = $_POST[$field['key']]; + $user->{$field['column']} = $_POST[$field['key']]; $page->messages[] = Page::success( sprintf( @@ -52,7 +53,7 @@ if (isset($_POST['user-id'], $_POST['section'])) { } } - if (!empty($_POST['user-email']) && $_POST['user-email'] !== $_SESSION['user']->email) { + if (!empty($_POST['user-email']) && $_POST['user-email'] !== $user->email) { $loginRequired = true; } @@ -61,13 +62,13 @@ if (isset($_POST['user-id'], $_POST['section'])) { */ if (isset($_POST['user-birthdate'])) { if (empty($_POST['user-birthdate'])) { - $_SESSION['user']->birthdate = null; + $user->birthdate = null; $set[] = '`birthdate` = NULL'; } else { - $_SESSION['user']->birthdate = date('Y-m-d', strtotime($_POST['user-birthdate'])); + $user->birthdate = date('Y-m-d', strtotime($_POST['user-birthdate'])); - $set[] = '`birthdate` = "' . $_SESSION['user']->birthdate . '"'; + $set[] = '`birthdate` = "' . $user->birthdate . '"'; } } 
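Review bot: On the new side of the profile hunk, the `$set[]` assignment that wraps `$_POST[$field['key']]` in double quotes concatenates the raw POST value into what reads as a SQL SET clause, and the birthdate branch does the same with `$user->birthdate`; the UPDATE that consumes `$set` is outside the hunk, so whether it is escaped downstream cannot be confirmed here, but the file already has `Database::query()` with named placeholders. Suggest building placeholders instead, e.g. `$set[] = '`' . $field['column'] . '` = :' . $field['column']; $params[$field['column']] = $_POST[$field['key']];`, and passing `$params` to `query()`. The same loop also writes the unvalidated POST value onto `$user->{$field['column']}` — the session object — before the database has accepted it.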
@@ -89,57 +90,57 @@ if (isset($_POST['user-id'], $_POST['section'])) { */ /** Language */ - if (isset($_POST['user-language']) && $_POST['user-language'] !== $_SESSION['user']->getLocale()) { - $_SESSION['user']->setLocale($_POST['user-language']); + if (isset($_POST['user-language']) && $_POST['user-language'] !== $user->getLocale()) { + $user->setLocale($_POST['user-language']); - $set[] = '`language` = "' . $_SESSION['user']->getLocale() . '"'; + $set[] = '`language` = "' . $user->getLocale() . '"'; $page->messages[] = Page::success( sprintf( /** TRANSLATORS: %s: The new locale */ __('Language set to %s.'), - '' . $_SESSION['user']->getLocale() . '' + '' . $user->getLocale() . '' ), __('Success') ); } /** Currency */ - if (isset($_POST['user-currency']) && $_POST['user-currency'] !== $_SESSION['user']->getLocale() && $_POST['user-currency'] !== $_SESSION['user']->getCurrency()) { - $_SESSION['user']->setCurrency($_POST['user-currency']); + if (isset($_POST['user-currency']) && $_POST['user-currency'] !== $user->getLocale() && $_POST['user-currency'] !== $user->getCurrency()) { + $user->setCurrency($_POST['user-currency']); - $set[] = '`currency` = "' . $_SESSION['user']->getCurrency() . '"'; + $set[] = '`currency` = "' . $user->getCurrency() . '"'; $page->messages[] = Page::success( sprintf( /** TRANSLATORS: %s: The new locale */ __('Currency set to %s.'), - '' . $_SESSION['user']->getCurrency() . '' + '' . $user->getCurrency() . '' ), __('Success') ); } /** Channel */ - if (isset($_POST['user-channel']) && $_POST['user-channel'] !== $_SESSION['user']->channel) { + if (isset($_POST['user-channel']) && $_POST['user-channel'] !== $user->channel) { if (empty($_POST['user-channel'])) { - $_SESSION['user']->channel = null; + $user->channel = null; $set[] = '`channel` = NULL'; } else { - $_SESSION['user']->channel = $_POST['user-channel']; + $user->channel = $_POST['user-channel']; - $set[] = '`channel` = "' . $_SESSION['user']->channel . 
'"'; + $set[] = '`channel` = "' . $user->channel . '"'; } } /** Advertisements */ if (isset($_POST['enable-advertisements'])) { - $_SESSION['user']->advertisements = true; + $user->advertisements = true; $set[] = '`advertisements` = TRUE'; } else { - $_SESSION['user']->advertisements = false; + $user->advertisements = false; $set[] = '`advertisements` = FALSE'; } @@ -171,8 +172,8 @@ if (isset($_POST['user-id'], $_POST['section'])) { * Account */ if (isset($_POST['account-delete'])) { - $_SESSION['user']->delete(); - $_SESSION['user']->logOut(); + $user->delete(); + $user->logOut(); redirect(Page::PAGE_HOME); } @@ -217,26 +218,26 @@ $page->navigation();
- +
- +
- +
- +
@@ -244,7 +245,7 @@ $page->navigation();
- +
"> @@ -259,7 +260,7 @@ $page->navigation();
@@ -283,7 +284,7 @@ $page->navigation();
- +
@@ -346,7 +347,7 @@ $page->navigation();
- +
@@ -355,14 +356,14 @@ $page->navigation(); @@ -390,7 +391,7 @@ $page->navigation(); } ?> - getCurrency()) { ?> + getCurrency()) { ?> @@ -446,7 +447,7 @@ $page->navigation();
- + @@ -461,7 +462,7 @@ $page->navigation(); - channel) { ?> + channel) { ?> @@ -511,7 +512,7 @@ $page->navigation();
- +
@@ -519,7 +520,7 @@ $page->navigation();
id) ? $_SESSION['user'] : new User(); + $user = isset($user->id) ? $user : new User(); ?> advertisements) { ?> @@ -562,7 +563,7 @@ $page->navigation();
- +
diff --git a/src/pages/wishlist.php b/src/pages/wishlist.php index e2c63e0f..2f2ff097 100644 --- a/src/pages/wishlist.php +++ b/src/pages/wishlist.php @@ -24,6 +24,8 @@ if (!$wishlist->exists) { $page->header(); $page->bodyStart(); $page->navigation(); + +$user = User::getCurrent(); ?>
@@ -33,7 +35,7 @@ $page->navigation();
- isLoggedIn() && $_SESSION['user']->id !== $wishlist->user) { ?> + isLoggedIn() && $user->id !== $wishlist->user) { ?>