diff --git a/cmd/server/main.go b/cmd/server/main.go
index ca758a5..f2fb698 100644
--- a/cmd/server/main.go
+++ b/cmd/server/main.go
@@ -91,43 +91,31 @@ func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 func (h Handler) serveHTTP(w http.ResponseWriter, r *http.Request) error {
 	h.limiter.Wait(r.Context())
 
-	if ok, err := h.auth(r); err != nil {
+	session, err := h.auth(r)
+	if err != nil {
 		return err
-	} else if !ok {
+	}
+	if session.Empty() {
 		w.Header().Set("WWW-Authenticate", "Basic realm=xyz")
 		w.WriteHeader(http.StatusUnauthorized)
 		w.Write([]byte(`IDENTIFY YOURSELF!`))
 		return nil
 	}
 
-	return h.handle(w, r)
+	return h.handle(session, w, r)
 }
 
-func (h Handler) auth(r *http.Request) (bool, error) {
+func (h Handler) auth(r *http.Request) (session, error) {
 	user, pass, ok := r.BasicAuth()
 	if !ok {
-		return false, nil
+		return Session{}, nil
 	}
 	session := Session{}
 	session.User.ID = base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", user, pass)))
 	session.User.Name = user
-	h.putSession(r, session)
-	return true, nil
+	return session, nil
 }
 
-func (h Handler) putSession(r *http.Request, session Session) {
-	ctx := r.Context()
-	ctx = context.WithValue(ctx, "session", session)
-	*r = *r.WithContext(ctx)
-}
-
-func (h Handler) getSession(r *http.Request) Session {
-	ctx := r.Context()
-	v := ctx.Value("session")
-	session, _ := v.(Session)
-	return session
-}
-
-func (h Handler) handle(w http.ResponseWriter, r *http.Request) error {
+func (h Handler) handle(session Session, w http.ResponseWriter, r *http.Request) error {
 	return errors.New("not impl")
 }