diff --git a/session.go b/session.go
index 950cd1e..cb65171 100644
--- a/session.go
+++ b/session.go
@@ -1,10 +1,11 @@
 package roblox
 
 import (
+	"bytes"
+	"encoding/json"
 	"fmt"
 	"net/http"
 	"net/http/cookiejar"
-	"net/url"
 )
 
 // Session struct for roblox login session data and members
@@ -21,17 +22,11 @@ func New(username, password string) (*Session, error) {
 		Jar: cookieJar,
 	}
 
-	v := url.Values{}
-	v.Set("username", username)
-	v.Set("password", password)
-	v.Set("submitLogin", "Log In")
-	v.Set("ReturnUrl", "")
-
 	session := Session{0, username, client}
 
-	resp, err := client.PostForm("https://www.roblox.com/newlogin", v)
-	if resp.StatusCode != 200 {
-		return &session, fmt.Errorf("Messaged send failed. Status %d", resp.StatusCode)
+	err := session.Login(username, password)
+	if err != nil {
+		return nil, fmt.Errorf("Failed to login: %s", err)
 	}
 
 	info, err := session.GetUserInfo()
@@ -43,3 +38,43 @@ func New(username, password string) (*Session, error) {
 
 	return &session, err
 }
+
+func (s *Session) Login(username, password string) error {
+	details := struct {
+		Ctype    string `json:"ctype"`
+		Cvalue   string `json:"cvalue"`
+		Password string `json:"password"`
+	}{
+		"Username",
+		username,
+		password,
+	}
+	payload, err := json.Marshal(&details)
+	if err != nil {
+		return err
+	}
+
+	resp, err := s.client.Post("https://auth.roblox.com/v1/login", "application/json", bytes.NewBuffer(payload))
+	if err != nil {
+		return err
+	}
+	resp.Body.Close()
+
+	if resp.StatusCode == 403 {
+		req, err := http.NewRequest("POST", "https://auth.roblox.com/v1/login", bytes.NewBuffer(payload))
+		req.Header.Set("X-Csrf-Token", resp.Header["X-Csrf-Token"][0])
+		req.Header.Set("Content-Type", "application/json")
+
+		resp, err := s.client.Do(req)
+		if err != nil {
+			return err
+		}
+		defer resp.Body.Close()
+
+		if resp.StatusCode != 200 {
+			return fmt.Errorf("Status %d", resp.StatusCode)
+		}
+	}
+
+	return nil
+}