diff --git a/src/lib/minio.ts b/src/lib/minio.ts
index 6824b78..f2ac969 100644
--- a/src/lib/minio.ts
+++ b/src/lib/minio.ts
@@ -8,3 +8,4 @@ import config from '$lib/config';
 export const client = new Client(config.minio);
 
 export const BUCKET = 'tatort';
+export const TOKENFILENAME = '__perm__';
diff --git a/src/lib/server/vorgangService.ts b/src/lib/server/vorgangService.ts
index c24a37c..c4439bd 100644
--- a/src/lib/server/vorgangService.ts
+++ b/src/lib/server/vorgangService.ts
@@ -1,5 +1,5 @@
 import { fail, redirect } from '@sveltejs/kit';
-import { BUCKET, client } from '$lib/minio';
+import { BUCKET, client, TOKENFILENAME } from '$lib/minio';
 import { checkIfExactDirectoryExists } from './s3ClientService';
 
 /**
@@ -38,7 +38,7 @@ export const redirectIfVorgangExists = async (request: Request) => {
 		});
 	}
 
-	redirect(303, `/list/${caseId}`);
+	redirect(303, `/list/${caseId}?token=${caseToken}`);
 };
 
 export const getVorgangByCaseId = ({ params }) => {
@@ -76,14 +76,13 @@ export const getVorgangByCaseId = ({ params }) => {
 	});
 };
 
-const hasValidToken = async (caseId: string, caseToken: string) => {
-	const tokenFileName = '__perm__';
-	const objPath = `${caseId}/${tokenFileName}`;
+export const hasValidToken = async (caseId: string, caseToken: string) => {
+	const objPath = `${caseId}/${TOKENFILENAME}`;
 
 	try {
 		if (!caseToken) return false;
 
-		const res = await client.getObject('tatort', objPath);
+		const res = await client.getObject(BUCKET, objPath);
 
 		const savedToken = await new Response(res).text();
 
diff --git a/src/routes/(token-based)/list/[vorgang]/+page.server.ts b/src/routes/(token-based)/list/[vorgang]/+page.server.ts
new file mode 100644
index 0000000..f4fe251
--- /dev/null
+++ b/src/routes/(token-based)/list/[vorgang]/+page.server.ts
@@ -0,0 +1,18 @@
+import { hasValidToken } from '$lib/server/vorgangService';
+import { redirect } from '@sveltejs/kit';
+import type { PageServerLoad } from '../../view/$types';
+
+export const load: PageServerLoad = ({params, url}) => {
+    const caseID = params.vorgang;
+    const token = url.searchParams.get('token');
+
+    let isTokenValid
+
+    if (typeof token === 'string' && caseID) {
+        isTokenValid = hasValidToken(caseID, token);
+    }
+
+    if(!isTokenValid) {
+        redirect(303, '/anmeldung');
+    }
+};