diff --git a/src/main/java/org/hbp/mip/MIPApplication.java b/src/main/java/org/hbp/mip/MIPApplication.java
index 8d05e4ceec255e45ed776cbf3d8cd26cc78de319..630e64f52cf77cdd630d59292de074df634052a5 100644
--- a/src/main/java/org/hbp/mip/MIPApplication.java
+++ b/src/main/java/org/hbp/mip/MIPApplication.java
@@ -23,10 +23,10 @@ package org.hbp.mip;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiParam;
 import org.hbp.mip.model.User;
 import org.hbp.mip.utils.CORSFilter;
 import org.hbp.mip.utils.HibernateUtil;
-import org.hibernate.Query;
 import org.hibernate.Session;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.SpringApplication;
@@ -36,6 +36,8 @@ import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoT
 import org.springframework.boot.context.embedded.FilterRegistrationBean;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Bean;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.Authentication;
@@ -57,8 +59,7 @@ import org.springframework.security.web.csrf.CsrfFilter;
 import org.springframework.security.web.csrf.CsrfToken;
 import org.springframework.security.web.csrf.CsrfTokenRepository;
 import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
 import org.springframework.web.filter.OncePerRequestFilter;
 import org.springframework.web.util.WebUtils;
 import springfox.documentation.builders.ApiInfoBuilder;
@@ -100,21 +101,31 @@ public class MIPApplication extends WebSecurityConfigurerAdapter {
         return userAuthentication.getDetails().toString();
     }
 
-    public static User getUser(Principal principal) {
+    /**
+     * returns the user for the current session.
+     *
+     * the "synchronized" keyword is there to avoid a bug that the transaction is supposed to protect me from.
+     * To test if your solution to removing it works, do the following:
+     * - clean DB from scratch
+     * - restart DB and backend (no session or anything like that)
+     * - log in using the front end
+     * - check you have no 500 error in the network logs.
+     * @param principal
+     * @return
+     */
+    public static synchronized User getUser(Principal principal) {
         Session session = HibernateUtil.getSessionFactory().getCurrentSession();
         session.beginTransaction();
-        Query query = session.createQuery("from User where username= :username");
-        query.setString("username", principal.getName());
-        User user = (User) query.uniqueResult();
-        session.getTransaction().commit();
+        User user = (User) session
+                .createQuery("from User where username= :username")
+                .setString("username", principal.getName())
+                .uniqueResult();
         if (user == null) {
-            session = HibernateUtil.getSessionFactory().getCurrentSession();
-            session.beginTransaction();
             user = new User(getUserInfos());
             user.setTeam("CHUV");
             session.save(user);
-            session.getTransaction().commit();
         }
+        session.getTransaction().commit();
         return user;
     }
 
@@ -142,7 +153,7 @@ public class MIPApplication extends WebSecurityConfigurerAdapter {
                 .build();
     }
 
-    @RequestMapping("/user")
+    @RequestMapping(path = "/user", method = RequestMethod.GET)
     public Principal user(Principal principal, HttpServletResponse response) {
         ObjectMapper mapper = new ObjectMapper();
 
@@ -150,7 +161,6 @@ public class MIPApplication extends WebSecurityConfigurerAdapter {
             String userJSON = mapper.writeValueAsString(getUser(principal));
             Cookie cookie = new Cookie("user", URLEncoder.encode(userJSON, "UTF-8"));
             cookie.setPath("/");
-            cookie.setMaxAge(2592000);
             response.addCookie(cookie);
         } catch (JsonProcessingException e) {
             e.printStackTrace();
@@ -160,6 +170,25 @@ public class MIPApplication extends WebSecurityConfigurerAdapter {
         return principal;
     }
 
+    @RequestMapping(path = "/user", method = RequestMethod.POST)
+    public ResponseEntity<Void> postUser(Principal principal, HttpServletResponse response,
+                                         @ApiParam(value = "Has the user agreed on the NDA") @RequestParam(value = "agreeNDA", required = true) Boolean agreeNDA) {
+        ObjectMapper mapper = new ObjectMapper();
+        Session session = HibernateUtil.getSessionFactory().getCurrentSession();
+        session.beginTransaction();
+        User user = (User) session
+                .createQuery("from User where username= :username")
+                .setString("username", principal.getName())
+                .uniqueResult();
+        if (user != null) {
+            user.setAgreeNDA(agreeNDA);
+            session.update(user);
+        }
+        session.getTransaction().commit();
+
+        return new ResponseEntity<Void>(HttpStatus.OK);
+    }
+
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         // @formatter:off
diff --git a/src/main/java/org/hbp/mip/controllers/ArticlesApi.java b/src/main/java/org/hbp/mip/controllers/ArticlesApi.java
index 4bee0ec61f144e9af569b2ae83baa4943cac9142..3ecd2eaa70cee2489fa5923b0b41e2038713b794 100644
--- a/src/main/java/org/hbp/mip/controllers/ArticlesApi.java
+++ b/src/main/java/org/hbp/mip/controllers/ArticlesApi.java
@@ -182,7 +182,8 @@ public class ArticlesApi {
             if(session.getTransaction() != null)
             {
                 session.getTransaction().rollback();
-            }        }
+            }
+        }
 
         return new ResponseEntity<Void>(HttpStatus.OK);
     }
diff --git a/src/main/java/org/hbp/mip/controllers/ModelsApi.java b/src/main/java/org/hbp/mip/controllers/ModelsApi.java
index 102661c22db18b6fbb0ea7a51b78d1da7faac02a..9827337902184e4ffa5c3ce95a5f907b78436f4d 100644
--- a/src/main/java/org/hbp/mip/controllers/ModelsApi.java
+++ b/src/main/java/org/hbp/mip/controllers/ModelsApi.java
@@ -87,7 +87,8 @@ public class ModelsApi {
             if(session.getTransaction() != null)
             {
                 session.getTransaction().rollback();
-            }        }
+            }
+        }
 
         return new ResponseEntity<List<Model>>(HttpStatus.OK).ok(models);
     }
diff --git a/src/main/java/org/hbp/mip/model/Model.java b/src/main/java/org/hbp/mip/model/Model.java
index 6d0257a03a500fbae73a9f344d1141c04beb1b49..e57a5cd881a87f375cb2e7bbad3e1d7e0e8ae0f2 100644
--- a/src/main/java/org/hbp/mip/model/Model.java
+++ b/src/main/java/org/hbp/mip/model/Model.java
@@ -41,6 +41,7 @@ public class Model {
     private User createdBy = null;
     @ManyToOne
     private User updatedBy = null;
+    private String textQuery = null;
 
     public Model() {
     }
@@ -188,6 +189,19 @@ public class Model {
         this.updatedBy = updatedBy;
     }
 
+    /**
+     * Text query
+     **/
+    @ApiModelProperty(value = "Text query")
+    @JsonProperty("textQuery")
+    public String getTextQuery() {
+        return textQuery;
+    }
+
+    public void setTextQuery(String textQuery) {
+        this.textQuery = textQuery;
+    }
+
     @Override
     public String toString() {
         StringBuilder sb = new StringBuilder();
@@ -204,6 +218,7 @@ public class Model {
         sb.append("  updatedAt: ").append(updatedAt).append("\n");
         sb.append("  createdBy: ").append(createdBy).append("\n");
         sb.append("  updatedBy: ").append(updatedBy).append("\n");
+        sb.append("  textQuery: ").append(textQuery).append("\n");
         sb.append("}\n");
         return sb.toString();
     }
diff --git a/src/main/java/org/hbp/mip/model/User.java b/src/main/java/org/hbp/mip/model/User.java
index dd8757d02fd138c2350441a7ab4eeeb11219c16f..51b26084dc7742f0ad80c3065b4b8fbe9d57b828 100644
--- a/src/main/java/org/hbp/mip/model/User.java
+++ b/src/main/java/org/hbp/mip/model/User.java
@@ -41,6 +41,7 @@ public class User {
     private List<String> languages = new LinkedList<String>();
     @ElementCollection(fetch = FetchType.EAGER)
     private List<String> roles = new LinkedList<String>();
+    private Boolean agreeNDA = null;
 
     public User() {
     }
@@ -329,6 +330,19 @@ public class User {
         this.roles = roles;
     }
 
+    /**
+     * Agree NDA
+     **/
+    @ApiModelProperty(value = "Agree NDA")
+    @JsonProperty("agreeNDA")
+    public Boolean getAgreeNDA() {
+        return agreeNDA;
+    }
+
+    public void setAgreeNDA(Boolean agreeNDA) {
+        this.agreeNDA = agreeNDA;
+    }
+
     @Override
     public String toString() {
         StringBuilder sb = new StringBuilder();
@@ -352,6 +366,7 @@ public class User {
         sb.append("  isActive: ").append(isActive).append("\n");
         sb.append("  languages: ").append(languages).append("\n");
         sb.append("  roles: ").append(roles).append("\n");
+        sb.append("  agreeNDA: ").append(agreeNDA).append("\n");
         sb.append("}\n");
         return sb.toString();
     }
diff --git a/src/test/db b/src/test/db
index f14bdeddf4e4c3a7af9271e8637ee064282da6a0..af28ed02d855345f286e171c758758283c742dff 160000
--- a/src/test/db
+++ b/src/test/db
@@ -1 +1 @@
-Subproject commit f14bdeddf4e4c3a7af9271e8637ee064282da6a0
+Subproject commit af28ed02d855345f286e171c758758283c742dff