diff --git a/ajax/comment.php b/ajax/comment.php
index 106c926..248dd93 100644
--- a/ajax/comment.php
+++ b/ajax/comment.php
@@ -12,7 +12,7 @@ $user = validate_user();
 if (!$user->valid) {
 http_response_code(403);
 header("Content-Type: applcation/json");
- echo json_encode(array('status' => 'novalid'));
+ echo json_encode(array('status' => 'invalid'));
 exit;
 }
diff --git a/ajax/like.php b/ajax/like.php
index b6fc615..b750e53 100644
--- a/ajax/like.php
+++ b/ajax/like.php
@@ -11,7 +11,7 @@ $user = validate_user();
 if (!$user->valid) {
 http_response_code(403);
 header("Content-Type: applcation/json");
- echo json_encode(array('status' => 'novalid'));
+ echo json_encode(array('status' => 'invalid'));
 exit;
 }
diff --git a/ajax/notification.php b/ajax/notification.php
index efe7a78..3be5c5a 100644
--- a/ajax/notification.php
+++ b/ajax/notification.php
@@ -2,16 +2,32 @@
 set_include_path('../include/');
 $includepath = TRUE;
 require_once('../include/security.php');
+require_once('../include/user.php');
 require_once('../connection/SQL.php');
 require_once('../config.php');
+$user = validate_user();
+if (!$user->valid) {
+ http_response_code(403);
+ header("Content-Type: applcation/json");
+ echo json_encode(array('status' => 'invalid'));
+ exit;
+}
+
+if (!$user->login) {
+ http_response_code(403);
+ header('Content-Type: application/json');
+ echo json_encode(array('status' => 'nologin'));
+ exit;
+}
+
 if (isset($_GET['fetch']) || isset($_GET['count'])) {
- if (isset($_SESSION['cavern_username'])) {
+ if (isset($user->username)) {
 if (isset($_GET['fetch'])) {
 $data = process_notifications(20); // fetch 20 comments
- $SQL->query("UPDATE `notification` SET `read` = 1 WHERE `read` = 0 AND `username` = '%s'", array($_SESSION['cavern_username'])); // read all comments
+ $SQL->query("UPDATE `notification` SET `read` = 1 WHERE `read` = 0 AND `username` = '%s'", array($user->username)); // read all comments
 } else if (isset($_GET['count'])) {
- $query = cavern_query_result("SELECT COUNT(*) AS `count` FROM `notification` WHERE `username` = '%s' AND `read` = 0", array($_SESSION['cavern_username']));
+ $query = cavern_query_result("SELECT COUNT(*) AS `count` FROM `notification` WHERE `username` = '%s' AND `read` = 0", array($user->username));
 $count = $query['row']['count'];
 $data = array("status" => TRUE, "fetch" => round($_SERVER['REQUEST_TIME_FLOAT'] * 1000), "unread_count" => $count);
 }
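Review bot: The added `!$user->valid` guard sends `header("Content-Type: applcation/json");`, a misspelled media type, while the `!$user->login` guard directly below it spells it correctly. With an unrecognised Content-Type a client will not treat the 403 body as JSON and a browser may fall back to content sniffing, so the line should read `header('Content-Type: application/json');`. The same misspelling sits in the unchanged context lines of the ajax/comment.php and ajax/like.php hunks and could be fixed in the same pass. Since this guard is now pasted into three endpoints, a shared helper under include/ would keep the copies from drifting; whether one already exists is not visible in the diff.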
@@ -27,7 +43,8 @@ echo json_encode($data);
 exit;
 function process_notifications($limit) {
- $result = cavern_query_result("SELECT * FROM `notification` WHERE `username` = '%s' ORDER BY `time` DESC LIMIT %d" ,array($_SESSION['cavern_username'], $limit));
+ global $user;
+ $result = cavern_query_result("SELECT * FROM `notification` WHERE `username` = '%s' ORDER BY `time` DESC LIMIT %d" ,array($user->username, $limit));
 $json = array('status' => TRUE, 'fetch' => round($_SERVER['REQUEST_TIME_FLOAT'] * 1000)); // to fit javascript unit
 $feeds = array();
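Review bot: `global $user;` makes process_notifications() depend on a script-level variable, so the query's username is only as trustworthy as whatever last assigned `$user`; taking it as a parameter, `function process_notifications($username, $limit)` with the call changed to `process_notifications($user->username, 20)`, keeps the authenticated identity explicit. The `'%s'` and `%d` placeholders are filled by cavern_query_result(), whose escaping is not shown here, so a short comment above the query stating that the helper escapes each argument (if it does) would record the assumption the statement rests on. The function body continues past the end of the hunk.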