diff --git a/src/lib/server/vorgangService.ts b/src/lib/server/vorgangService.ts
index 655a757..d86172a 100644
--- a/src/lib/server/vorgangService.ts
+++ b/src/lib/server/vorgangService.ts
@@ -27,6 +27,11 @@ export const getVorgangByCaseId = async (caseId: string) => {
 return list;
 };
 
+/**
+ * Get Vorgang
+ * @param caseId
+ * @returns caseObj with keys `token`, `name`, `pw` || undefined
+ */
 export const getVorgang = function (caseId: string) {
 let getVorgang_stmt = `SELECT token, name, pw FROM cases WHERE token = ?`;
 const stmt = db.prepare(getVorgang_stmt);
@@ -96,6 +101,23 @@ export const checkIfVorgangExists = async (caseId: string | null) => {
 return true;
 };
 
+export const vorgangExists = function (caseId: string | null) {
+ if (!caseId) {
+ return fail(400, {
+ success: false,
+ caseId,
+ error: { message: 'Die Vorgangsnummer darf nicht leer sein.' }
+ });
+ }
+
+ let vorgaenge = getVorgaenge();
+ const vorgaenge_tokens = vorgaenge.map((vorg) => vorg.token);
+
+ const found = vorgaenge_tokens.indexOf(caseId) != -1;
+
+ return found;
+};
+
 export const hasValidToken = async (caseId: string, caseToken: string) => {
 const objPath = `${caseId}/${TOKENFILENAME}`;
 
@@ -117,3 +139,17 @@ export const hasValidToken = async (caseId: string, caseToken: string) => {
 }
 }
 };
+
+export const tokenValid = function (caseId, caseToken) {
+ if (!caseToken) {
+ return false;
+ }
+
+ const vorg = getVorgang(caseId);
+
+ if (!vorg || vorg.pw !== caseToken) {
+ return false;
+ }
+
+ return true;
+};
diff --git a/src/routes/(token-based)/+layout.server.ts b/src/routes/(token-based)/+layout.server.ts
index 99517b3..cc3129a 100644
--- a/src/routes/(token-based)/+layout.server.ts
+++ b/src/routes/(token-based)/+layout.server.ts
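Review bot: In `vorgangExists`, the empty-`caseId` guard returns the object produced by `fail(400, …)`, which is truthy, so a caller that only tests the result (as `+layout.server.ts` does with `!isVorgangValid`) treats a missing case id as an existing Vorgang. The layout presumably still redirects in that case only because `tokenValid` returns false afterwards. Return a plain boolean from the guard, `if (!caseId) return false;`, and annotate the function `: boolean` so the mixed return type cannot come back. The existence check could also be `getVorgang(caseId) !== undefined` rather than loading every row through `getVorgaenge()` and scanning the tokens.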
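Review bot: `tokenValid` checks the secret with `vorg.pw !== caseToken`, a comparison that stops at the first differing character, and both parameters are untyped, so they are implicitly `any`. Annotate them and compare fixed-length digests with `timingSafeEqual`; this needs `createHash` and `timingSafeEqual` imported from `node:crypto` at the top of the file. The `SELECT token, name, pw` context line suggests `pw` is kept in clear text in `cases`; if that is the case, storing a hash and verifying against it would be the better long-term fix.

```typescript
export const tokenValid = function (caseId: string, caseToken: string | null): boolean {
	if (!caseToken) {
		return false;
	}

	const vorg = getVorgang(caseId);
	if (!vorg || typeof vorg.pw !== 'string') {
		return false;
	}

	// Hash both sides so the buffers have equal length, then compare in constant time.
	const expected = createHash('sha256').update(vorg.pw).digest();
	const supplied = createHash('sha256').update(caseToken).digest();
	return timingSafeEqual(expected, supplied);
};
```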
@@ -1,4 +1,9 @@
-import { checkIfVorgangExists, hasValidToken } from '$lib/server/vorgangService';
+import {
+ checkIfVorgangExists,
+ hasValidToken,
+ tokenValid,
+ vorgangExists
+} from '$lib/server/vorgangService';
 import { redirect } from '@sveltejs/kit';
 import type { PageServerLoad } from './list/[vorgang]/$types';
 
@@ -12,8 +17,9 @@ export const load: PageServerLoad = async ({ params, url, locals }) => {
 const caseId = params.vorgang;
 const caseToken = url.searchParams.get('token');
 
- const isVorgangValid = await checkIfVorgangExists(caseId);
- const isTokenValid = await hasValidToken(caseId, caseToken);
+ const isVorgangValid = vorgangExists(caseId);
+ const isTokenValid = tokenValid(caseId, caseToken);
+ console.log(`--- is valid: ${isTokenValid}`);
 
 if (!isVorgangValid || !isTokenValid) throw redirect(303, `/anmeldung`);
 };
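Review bot: The `console.log` added after the `tokenValid(caseId, caseToken)` call in `load` looks like leftover debugging and will write a line on every request under the token-based layout. Remove it, or log only rejected attempts together with the case id (never the token) through whatever logger the project uses. The guard below also tests `isVorgangValid` for truthiness only, while `vorgangExists` can return a non-boolean; `const isVorgangValid = vorgangExists(caseId) === true;` would make the check strict. `checkIfVorgangExists` and `hasValidToken` are no longer called in the visible lines, so the import may be carrying unused names. `load` starts above the hunk, so the earlier part of its body is not visible here.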