diff --git a/src/cpp/Gradido_LoginServer.cpp b/src/cpp/Gradido_LoginServer.cpp index 8e6040337..5d3f09f03 100644 --- a/src/cpp/Gradido_LoginServer.cpp +++ b/src/cpp/Gradido_LoginServer.cpp @@ -256,8 +256,8 @@ int Gradido_LoginServer::main(const std::vector& args) // load pending tasks not finished in last session PendingTasksManager::getInstance()->load(); - - CronManager::getInstance()->init(); + int php_server_ping = config().getInt("phpServer.ping", 600000); + CronManager::getInstance()->init(php_server_ping); printf("[Gradido_LoginServer::main] started in %s\n", usedTime.string().data()); // wait for CTRL-C or kill @@ -270,7 +270,6 @@ int Gradido_LoginServer::main(const std::vector& args) // Stop the json server json_srv.stop(); - ServerConfig::unload(); Poco::Net::uninitializeSSL(); // Optional: Delete all global objects allocated by libprotobuf. diff --git a/src/cpp/JSONInterface/JsonCreateUser.cpp b/src/cpp/JSONInterface/JsonCreateUser.cpp index d21874aaa..f0a6ee7e9 100644 --- a/src/cpp/JSONInterface/JsonCreateUser.cpp +++ b/src/cpp/JSONInterface/JsonCreateUser.cpp @@ -18,6 +18,7 @@ Poco::JSON::Object* JsonCreateUser::handle(Poco::Dynamic::Var params) bool login_after_register = false; int emailType; int group_id; + auto em = EmailManager::getInstance(); auto sm = SessionManager::getInstance(); @@ -35,6 +36,7 @@ Poco::JSON::Object* JsonCreateUser::handle(Poco::Dynamic::Var params) paramJsonObject->get("last_name").convert(last_name); paramJsonObject->get("emailType").convert(emailType); paramJsonObject->get("group_id").convert(group_id); + if ((ServerConfig::g_AllowUnsecureFlags & ServerConfig::UNSECURE_PASSWORD_REQUESTS)) { paramJsonObject->get("password").convert(password); } 
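Review bot: The value read by `config().getInt("phpServer.ping", 600000)` is passed straight to `CronManager::getInstance()->init(php_server_ping)` with no range check, so a zero or negative entry in the config file reaches the cron setup unchanged. How init() treats such a value is not visible here; a guard such as `if (php_server_ping <= 0) php_server_ping = 600000;` before the call would keep a config typo from changing the ping behaviour in an unexpected way. The unit is not stated either, so a comment like `// interval between pings to the php server, presumably milliseconds` (to be confirmed against CronManager) would help. main() continues outside the hunk.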
@@ -52,15 +54,15 @@ Poco::JSON::Object* JsonCreateUser::handle(Poco::Dynamic::Var params) auto user = controller::User::create(); if (user->load(email) > 0) { - // return customStateError("exist", "user already exist"); - Poco::JSON::Object* result = new Poco::JSON::Object; + /*Poco::JSON::Object* result = new Poco::JSON::Object; result->set("state", "exist"); result->set("msg", "user already exist"); - return result; + return result;*/ + return customStateError("exist", "user already exist"); } if (password.size()) { - ErrorList errors; + NotificationList errors; if (!sm->checkPwdValidation(password, &errors)) { Poco::JSON::Object* result = new Poco::JSON::Object; result->set("state", "error"); @@ -91,7 +93,7 @@ Poco::JSON::Object* JsonCreateUser::handle(Poco::Dynamic::Var params) UniLib::controller::TaskPtr create_authenticated_encrypten_key = new AuthenticatedEncryptionCreateKeyTask(user, password); create_authenticated_encrypten_key->scheduleTask(create_authenticated_encrypten_key); } - + auto emailOptIn = controller::EmailVerificationCode::create(userModel->getID(), model::table::EMAIL_OPT_IN_REGISTER); auto emailOptInModel = emailOptIn->getModel(); if (!emailOptInModel->insertIntoDB(false)) { diff --git a/src/cpp/JSONInterface/JsonGetLogin.cpp b/src/cpp/JSONInterface/JsonGetLogin.cpp index 65638bf37..f85a05765 100644 --- a/src/cpp/JSONInterface/JsonGetLogin.cpp +++ b/src/cpp/JSONInterface/JsonGetLogin.cpp 
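Review bot: The commented-out `/*Poco::JSON::Object* result = new Poco::JSON::Object; ... return result;*/` block left above the new `return customStateError("exist", "user already exist");` is dead code and should be deleted, since version control already keeps the old form. The password-validation branch just below still builds its error object by hand with `new Poco::JSON::Object`, so the handler now mixes both styles. Separately, the distinct "exist" state tells the caller whether an e-mail address is registered; if this endpoint is reachable without authentication, confirm that this disclosure is intended. handle() starts and ends outside the hunk.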
@@ -16,50 +16,15 @@ Poco::JSON::Object* JsonGetLogin::handle(Poco::Dynamic::Var params) auto pt = PendingTasksManager::getInstance(); auto observer = SingletonTaskObserver::getInstance(); - if (params.isStruct()) { - session_id = params["session_id"]; - //std::string miau = params["miau"]; - } - else if (params.isVector()) { - try { - const Poco::URI::QueryParameters queryParams = params.extract(); - for (auto it = queryParams.begin(); it != queryParams.end(); it++) { - if (it->first == "session_id") { - auto numberParseResult = DataTypeConverter::strToInt(it->second, session_id); - if (DataTypeConverter::NUMBER_PARSE_OKAY != numberParseResult) { - return stateError("error parsing session_id", DataTypeConverter::numberParseStateToString(numberParseResult)); - } - break; - } - } - //auto var = params[0]; - } - catch (Poco::Exception& ex) { - return stateError("error parsing query params, Poco Error", ex.displayText()); - } - } - - if (!session_id) { - return stateError("empty session id"); - } - - auto session = sm->getSession(session_id); - if (!session) { - return customStateError("not found", "session not found"); - } - - auto userNew = session->getNewUser(); - //auto user = session->getUser(); - if (userNew.isNull()) { - return customStateError("not found", "Session didn't contain user"); - } - auto userModel = userNew->getModel(); - if(userModel.isNull()) { - return customStateError("not found", "User is empty"); + auto session_check_result = checkAndLoadSession(params, true); + if (session_check_result) { + return session_check_result; } + Poco::JSON::Object* result = new Poco::JSON::Object; result->set("state", "success"); - result->set("clientIP", session->getClientIp().toString()); + //result->set("clientIP", mSession->getClientIp().toString()); + auto userNew = mSession->getNewUser(); try { result->set("user", userNew->getJson()); } 
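Review bot: `auto userNew = mSession->getNewUser();` is followed by `userNew->getJson()` without the `userNew.isNull()` and `userModel.isNull()` checks that the removed code performed, and the later hunk in this file calls `userNew->getModel()->getEmail()` the same way. checkAndLoadSession() is not visible here, so unless it guarantees a non-null user and model, both sites dereference a null pointer for a session that has no loaded user. Restoring `if (userNew.isNull() || userNew->getModel().isNull()) return customStateError("not found", "Session didn't contain user");` right after the assignment keeps the old behaviour. The commented-out `clientIP` line should be deleted rather than left in place. handle() extends beyond the hunk.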
@@ -82,7 +47,7 @@ Poco::JSON::Object* JsonGetLogin::handle(Poco::Dynamic::Var params) //pending = some_must_sign.size(); result->set("Transactions.can_signed", some_must_sign.size()); - auto executing = observer->getTaskCount(userModel->getEmail(), TASK_OBSERVER_SIGN_TRANSACTION); + auto executing = observer->getTaskCount(userNew->getModel()->getEmail(), TASK_OBSERVER_SIGN_TRANSACTION); if (executing < 0) { executing = 0; } diff --git a/src/cpp/JSONInterface/JsonRequestHandler.cpp b/src/cpp/JSONInterface/JsonRequestHandler.cpp index 3fedcd01e..9453434de 100644 --- a/src/cpp/JSONInterface/JsonRequestHandler.cpp +++ b/src/cpp/JSONInterface/JsonRequestHandler.cpp @@ -29,7 +29,6 @@ JsonRequestHandler::JsonRequestHandler(Session* session) void JsonRequestHandler::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response) { - response.setChunkedTransferEncoding(false); response.setContentType("application/json"); if (ServerConfig::g_AllowUnsecureFlags & ServerConfig::UNSECURE_CORS_ALL) { @@ -72,12 +71,12 @@ void JsonRequestHandler::handleRequest(Poco::Net::HTTPServerRequest& request, Po json_result->get("session_id").convert(session_id); } catch (Poco::Exception& e) { - ErrorList erros; + NotificationList erros; erros.addError(new Error("json request", "invalid session_id")); erros.sendErrorsAsEmail(); } if (session_id) { - auto session = SessionManager::getInstance()->getSession("session_id"); + auto session = SessionManager::getInstance()->getSession(session_id); response.addCookie(session->getLoginCookie()); } } diff --git a/src/cpp/JSONInterface/JsonRequestHandlerFactory.cpp b/src/cpp/JSONInterface/JsonRequestHandlerFactory.cpp index 2fd76c4b9..1ec87d9f5 100644 --- a/src/cpp/JSONInterface/JsonRequestHandlerFactory.cpp +++ b/src/cpp/JSONInterface/JsonRequestHandlerFactory.cpp 
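Review bot: In the JsonRequestHandler.cpp hunk, `getSession(session_id)` can return a null session (the code removed from JsonGetLogin checked `if (!session)` after the same call), yet the next line calls `session->getLoginCookie()` unconditionally. With the lookup now using the real id instead of the literal "session_id", an expired or unknown id would reach that dereference; `if (session) { response.addCookie(session->getLoginCookie()); }` avoids it. Other handlers in this commit pair a session lookup with `sm->releaseSession(...)`; if getSession takes a reference, it presumably needs releasing here as well. handleRequest() starts and ends outside the hunk.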
@@ -14,8 +14,10 @@ #include "JsonTransaction.h" #include "JsonGetRunningUserTasks.h" #include "JsonGetUsers.h" +#include "JsonLogout.h" #include "JsonNetworkInfos.h" #include "JsonGetUserInfos.h" +#include "JsonUnsecureLogin.h" #include "JsonUpdateUserInfos.h" #include "JsonUnsecureLogin.h" #include "JsonLogout.h" @@ -63,6 +65,12 @@ Poco::Net::HTTPRequestHandler* JsonRequestHandlerFactory::createRequestHandler(c s = sm->getSession(session_id); } + auto client_host = request.clientAddress().host(); + //auto client_ip = request.clientAddress(); + // X-Real-IP forwarded ip from nginx config + auto client_host_string = request.get("X-Real-IP", client_host.toString()); + client_host = Poco::Net::IPAddress(client_host_string); + if (url_first_part == "/login") { return new JsonGetLogin; } @@ -107,6 +115,9 @@ Poco::Net::HTTPRequestHandler* JsonRequestHandlerFactory::createRequestHandler(c requestHandler->setSession(s); return requestHandler; } + else if (url_first_part == "/unsecureLogin" && (ServerConfig::g_AllowUnsecureFlags & ServerConfig::UNSECURE_PASSWORD_REQUESTS)) { + return new JsonUnsecureLogin(client_host); + } else if (url_first_part == "/appLogin") { return new JsonAppLogin; } @@ -115,5 +126,9 @@ Poco::Net::HTTPRequestHandler* JsonRequestHandlerFactory::createRequestHandler(c sm->releaseSession(s); } } + else if (url_first_part == "/logout") { + return new JsonLogout(client_host); + } + return new JsonUnknown; } diff --git a/src/cpp/JSONInterface/JsonUnsecureLogin.cpp b/src/cpp/JSONInterface/JsonUnsecureLogin.cpp index 18080cfa6..401f46e41 100644 --- a/src/cpp/JSONInterface/JsonUnsecureLogin.cpp +++ b/src/cpp/JSONInterface/JsonUnsecureLogin.cpp 
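Review bot: The two added lines `#include "JsonLogout.h"` and `#include "JsonUnsecureLogin.h"` duplicate includes that already appear as context a few lines further down in the same hunk. This looks like a merge leftover; with include guards it is harmless, but one copy of each should be dropped so the list stays readable.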
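Review bot: `request.get("X-Real-IP", client_host.toString())` takes the client address from a request header that any client can set whenever the server is reachable without the nginx proxy, or nginx does not overwrite the header, and the result is handed to `JsonUnsecureLogin` and `JsonLogout` in the later hunks. The `Poco::Net::IPAddress(client_host_string)` constructor also throws on a malformed value, and no catch is visible in this hunk, so a garbage header can abort handler creation. I would accept the header only when the direct peer is the trusted proxy and parse it with `tryParse`, as below. The loopback test assumes nginx runs on the same host and should be replaced by a configured proxy address otherwise. createRequestHandler() starts and ends outside the hunk.

```cpp
auto client_host = request.clientAddress().host();
// X-Real-IP is only trustworthy when the direct peer is our own nginx
if (client_host.isLoopback() && request.has("X-Real-IP")) {
    Poco::Net::IPAddress forwarded;
    if (Poco::Net::IPAddress::tryParse(request.get("X-Real-IP"), forwarded)) {
        client_host = forwarded;
    }
}
// … unchanged: url_first_part dispatch …
```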
@@ -52,7 +52,7 @@ Poco::JSON::Object* JsonUnsecureLogin::handle(Poco::Dynamic::Var params) return stateError("user with email not found", email); } - ErrorList pwd_errors; + NotificationList pwd_errors; Poco::JSON::Object* result = new Poco::JSON::Object; if (!password.size() || !sm->checkPwdValidation(password, &pwd_errors)) { @@ -110,5 +110,4 @@ Poco::JSON::Object* JsonUnsecureLogin::handle(Poco::Dynamic::Var params) sm->releaseSession(session); return result; - } \ No newline at end of file diff --git a/src/cpp/ServerConfig.cpp b/src/cpp/ServerConfig.cpp index ba8d5f784..5aaf65edc 100644 --- a/src/cpp/ServerConfig.cpp +++ b/src/cpp/ServerConfig.cpp @@ -59,8 +59,10 @@ namespace ServerConfig { ServerSetupType g_ServerSetupType = SERVER_TYPE_PRODUCTION; std::string g_gRPCRelayServerFullURL; MemoryBin* g_CryptoAppSecret = nullptr; + AllowUnsecure g_AllowUnsecureFlags = NOT_UNSECURE; HederaConsensusMessageFormat g_ConsensusMessageFormat = HEDERA_CONSENSUS_FORMAT_BINARY; HederaNetworkType g_HederaNetworkType = HEDERA_TESTNET; + Poco::Timespan g_HederaDefaultTimeout; #ifdef __linux__ #include 
@@ -262,6 +264,23 @@ namespace ServerConfig { } //g_CryptoAppSecret + // unsecure flags + //g_AllowUnsecureFlags + if (cfg.getInt("unsecure.allow_passwort_via_json_request", 0) == 1) { + g_AllowUnsecureFlags = (AllowUnsecure)(g_AllowUnsecureFlags | UNSECURE_PASSWORD_REQUESTS); + } + if (cfg.getInt("unsecure.allow_auto_sign_transactions", 0) == 1) { + g_AllowUnsecureFlags = (AllowUnsecure)(g_AllowUnsecureFlags | UNSECURE_AUTO_SIGN_TRANSACTIONS); + } + if (cfg.getInt("unsecure.allow_cors_all", 0) == 1) { + g_AllowUnsecureFlags = (AllowUnsecure)(g_AllowUnsecureFlags | UNSECURE_CORS_ALL); + } + if (cfg.getInt("unsecure.allow_all_passwords", 0) == 1) { + g_AllowUnsecureFlags = (AllowUnsecure)(g_AllowUnsecureFlags | UNSECURE_ALLOW_ALL_PASSWORDS); + } + + g_HederaDefaultTimeout = cfg.getInt("hedera.default_timeout", 5); + g_gRPCRelayServerFullURL = cfg.getString("grpc.server", ""); // unsecure flags diff --git a/src/cpp/ServerConfig.h b/src/cpp/ServerConfig.h index 4a0cbec7d..9d48521fa 100644 --- a/src/cpp/ServerConfig.h +++ b/src/cpp/ServerConfig.h @@ -61,6 +61,8 @@ namespace ServerConfig { HEDERA_UNKNOWN }; + + extern Mnemonic g_Mnemonic_WordLists[MNEMONIC_MAX]; @@ -90,6 +92,8 @@ namespace ServerConfig { extern AllowUnsecure g_AllowUnsecureFlags; extern HederaConsensusMessageFormat g_ConsensusMessageFormat; extern HederaNetworkType g_HederaNetworkType; + extern Poco::Timespan g_HederaDefaultTimeout; + bool loadMnemonicWordLists(); bool initServerCrypto(const Poco::Util::LayeredConfiguration& cfg);
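Review bot: Each `unsecure.*` key switches off a protection (`UNSECURE_PASSWORD_REQUESTS`, `UNSECURE_AUTO_SIGN_TRANSACTIONS`, `UNSECURE_CORS_ALL`, `UNSECURE_ALLOW_ALL_PASSWORDS`) with no log line and no check against `g_ServerSetupType`, so a production instance started with a test config gives no sign of it. A startup warning whenever `g_AllowUnsecureFlags != NOT_UNSECURE`, or refusing the flags when the setup type is `SERVER_TYPE_PRODUCTION`, would make that visible. Separately, `g_HederaDefaultTimeout = cfg.getInt("hedera.default_timeout", 5);` assigns an int to a `Poco::Timespan`, which Poco interprets as microseconds; if seconds are meant, write `g_HederaDefaultTimeout = Poco::Timespan(cfg.getInt("hedera.default_timeout", 5), 0);`. The trailing context shows another `// unsecure flags` comment directly after this block, so it is worth checking that the flag parsing is not now present twice.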