diff --git a/package/archlinux/PKGBUILD b/package/archlinux/PKGBUILD index 50e7358b..9e3e45dc 100644 --- a/package/archlinux/PKGBUILD +++ b/package/archlinux/PKGBUILD @@ -15,7 +15,10 @@ optdepends=('breezy: -bzr packages support' 'mercurial: -hg packages support' 'python-aiohttp: web server' 'python-aiohttp-jinja2: web server' + 'python-aiohttp-security: web server with authorization' + 'python-aiohttp-session: web server with authorization' 'python-boto3: sync to s3' + 'python-cryptography: web server with authorization' 'python-jinja: html report generation' 'rsync: sync by using rsync' 'subversion: -svn packages support') diff --git a/src/ahriman/web/middlewares/auth_handler.py b/src/ahriman/web/middlewares/auth_handler.py index 719c2df1..6f84a011 100644 --- a/src/ahriman/web/middlewares/auth_handler.py +++ b/src/ahriman/web/middlewares/auth_handler.py @@ -18,10 +18,14 @@ # along with this program. If not, see . # import aiohttp_security # type: ignore +import base64 from aiohttp import web from aiohttp.web import middleware, Request from aiohttp.web_response import StreamResponse +from aiohttp_session import setup as setup_session # type: ignore +from aiohttp_session.cookie_storage import EncryptedCookieStorage # type: ignore +from cryptography import fernet from typing import Optional from ahriman.core.auth import Auth @@ -92,6 +96,11 @@ def setup_auth(application: web.Application, configuration: Configuration) -> we :param configuration: configuration instance :return: configured web application """ + fernet_key = fernet.Fernet.generate_key() + secret_key = base64.urlsafe_b64decode(fernet_key) + storage = EncryptedCookieStorage(secret_key, cookie_name='API_SESSION') + setup_session(application, storage) + authorization_policy = AuthorizationPolicy(configuration) identity_policy = aiohttp_security.SessionIdentityPolicy() diff --git a/src/ahriman/web/web.py b/src/ahriman/web/web.py index a42cce29..5e539dc1 100644 --- a/src/ahriman/web/web.py 
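Review bot: The session key in `setup_auth` comes from `fernet.Fernet.generate_key()` on every start, so it exists only in this process's memory: each restart invalidates all `API_SESSION` cookies, and a second worker or instance could not decrypt cookies issued by the first. If that is intended, say so above the key generation, e.g. `# key is regenerated on each start; sessions do not survive a restart`; otherwise the key should be loaded from configuration. The `EncryptedCookieStorage(...)` call sets only `cookie_name`; passing `secure=True` when the service is served over TLS, plus an explicit `max_age`, would keep the authorization cookie off plain HTTP and bound its lifetime. The body of `setup_auth` continues outside the hunk.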
+++ b/src/ahriman/web/web.py @@ -18,19 +18,14 @@ # along with this program. If not, see . # import aiohttp_jinja2 -import base64 import jinja2 import logging from aiohttp import web -from aiohttp_session import setup as setup_session # type: ignore -from aiohttp_session.cookie_storage import EncryptedCookieStorage # type: ignore -from cryptography import fernet from ahriman.core.configuration import Configuration from ahriman.core.exceptions import InitializeException from ahriman.core.status.watcher import Watcher -from ahriman.web.middlewares.auth_handler import setup_auth from ahriman.web.middlewares.exception_handler import exception_handler from ahriman.web.routes import setup_routes @@ -97,12 +92,8 @@ def setup_service(architecture: str, configuration: Configuration) -> web.Applic application.logger.info("setup watcher") application["watcher"] = Watcher(architecture, configuration) - fernet_key = fernet.Fernet.generate_key() - secret_key = base64.urlsafe_b64decode(fernet_key) - storage = EncryptedCookieStorage(secret_key, cookie_name='API_SESSION') - setup_session(application, storage) - if configuration.getboolean("web", "auth", fallback=False): + from ahriman.web.middlewares.auth_handler import setup_auth setup_auth(application, configuration) return application
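Review bot: The function-scope `from ahriman.web.middlewares.auth_handler import setup_auth` under the `web`/`auth` check in `setup_service` has no comment saying why it is not at module level. Presumably it keeps `aiohttp_security`, `aiohttp_session` and `cryptography` optional, matching the new optdepends. I would add `# imported lazily: auth_handler needs optional packages that are only required when auth is enabled`. With auth enabled and those packages missing, this line raises a bare `ImportError` at startup; catching it and re-raising a clear initialization error (the file already imports `InitializeException`, if it fits) would tell the operator which packages to install. `setup_service` starts outside the hunk.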