diff --git a/cmd/gonic/main.go b/cmd/gonic/main.go
index bcb32c9..ad2fa2d 100644
--- a/cmd/gonic/main.go
+++ b/cmd/gonic/main.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"encoding/gob"
 	"flag"
 	"log"
 	"os"
@@ -10,6 +11,7 @@ import (
 
 	"github.com/sentriz/gonic/db"
 	"github.com/sentriz/gonic/server"
+	"github.com/sentriz/gonic/server/handler"
 )
 
 const (
@@ -47,6 +49,7 @@ func main() {
 		log.Fatalf("error opening database: %v\n", err)
 	}
 	defer db.Close()
+	gob.Register(&handler.Flash{})
 	s := server.New(
 		db,
 		*musicPath,
diff --git a/server/assets/layouts/base.tmpl b/server/assets/layouts/base.tmpl
index f11be9f..b206830 100644
--- a/server/assets/layouts/base.tmpl
+++ b/server/assets/layouts/base.tmpl
@@ -13,8 +13,9 @@
             </div>
             <div id="content">
                 {{ if .Flashes }}
-                <div id="flashes" class="padded mono">
-                    <i class="mdi mdi-alert-circle"></i> {{ index .Flashes 0 }}
+                {{ $flash := index .Flashes 0 }}
+                <div class="padded mono flash-{{ $flash.Type }}">
+                    <i class="mdi mdi-alert-circle"></i> {{ $flash.Message }}
                 </div>
                 {{ end }}
                 {{ template "content" . }}
diff --git a/server/assets/stylesheets/main.css b/server/assets/stylesheets/main.css
index f07f982..2bc64e4 100644
--- a/server/assets/stylesheets/main.css
+++ b/server/assets/stylesheets/main.css
@@ -102,12 +102,18 @@ a:hover {
     height: auto;
 }
 
-#flashes {
+.flash-warning {
     background-color: #fd1b1b1c;
     border-right: 2px solid #fd1b1b1c;
     border-bottom: 2px solid #fd1b1b1c;
 }
 
+.flash-normal {
+    background-color: #15ff5452;
+    border-right: 2px solid #15ff5452;
+    border-bottom: 2px solid #15ff5452;
+}
+
 .text-right {
     text-align: right;
 }
diff --git a/server/handler/handler_admin.go b/server/handler/handler_admin.go
index 20c916c..36ca2ef 100644
--- a/server/handler/handler_admin.go
+++ b/server/handler/handler_admin.go
@@ -24,15 +24,15 @@ func (c *Controller) ServeLoginDo(w http.ResponseWriter, r *http.Request) {
 	username := r.FormValue("username")
 	password := r.FormValue("password")
 	if username == "" || password == "" {
-		session.AddFlash("please provide both a username and password")
-		sessionLogSave(w, r, session)
+		sessAddFlashW("please provide both a username and password", session)
+		sessLogSave(w, r, session)
 		http.Redirect(w, r, r.Header.Get("Referer"), http.StatusSeeOther)
 		return
 	}
 	user := c.DB.GetUserFromName(username)
 	if user == nil || password != user.Password {
-		session.AddFlash("invalid username / password")
-		sessionLogSave(w, r, session)
+		sessAddFlashW("invalid username / password", session)
+		sessLogSave(w, r, session)
 		http.Redirect(w, r, r.Header.Get("Referer"), http.StatusSeeOther)
 		return
 	}
@@ -40,14 +40,14 @@ func (c *Controller) ServeLoginDo(w http.ResponseWriter, r *http.Request) {
 	// are wrapped with WithUserSession() which will get the name from the
 	// session and put the row into the request context.
 	session.Values["user"] = user.Name
-	sessionLogSave(w, r, session)
+	sessLogSave(w, r, session)
 	http.Redirect(w, r, "/admin/home", http.StatusSeeOther)
 }
 
 func (c *Controller) ServeLogout(w http.ResponseWriter, r *http.Request) {
 	session := r.Context().Value(contextSessionKey).(*sessions.Session)
 	session.Options.MaxAge = -1
-	sessionLogSave(w, r, session)
+	sessLogSave(w, r, session)
 	http.Redirect(w, r, "/admin/login", http.StatusSeeOther)
 }
 
@@ -102,8 +102,8 @@ func (c *Controller) ServeChangeOwnPasswordDo(w http.ResponseWriter, r *http.Req
 	passwordTwo := r.FormValue("password_two")
 	err := validatePasswords(passwordOne, passwordTwo)
 	if err != nil {
-		session.AddFlash(err.Error())
-		sessionLogSave(w, r, session)
+		sessAddFlashW(err.Error(), session)
+		sessLogSave(w, r, session)
 		http.Redirect(w, r, r.Header.Get("Referer"), http.StatusSeeOther)
 		return
 	}
@@ -126,8 +126,8 @@ func (c *Controller) ServeLinkLastFMDo(w http.ResponseWriter, r *http.Request) {
 	)
 	session := r.Context().Value(contextSessionKey).(*sessions.Session)
 	if err != nil {
-		session.AddFlash(err.Error())
-		sessionLogSave(w, r, session)
+		sessAddFlashW(err.Error(), session)
+		sessLogSave(w, r, session)
 		http.Redirect(w, r, "/admin/home", http.StatusSeeOther)
 		return
 	}
@@ -175,8 +175,8 @@ func (c *Controller) ServeChangePasswordDo(w http.ResponseWriter, r *http.Reques
 	passwordTwo := r.FormValue("password_two")
 	err := validatePasswords(passwordOne, passwordTwo)
 	if err != nil {
-		session.AddFlash(err.Error())
-		sessionLogSave(w, r, session)
+		sessAddFlashW(err.Error(), session)
+		sessLogSave(w, r, session)
 		http.Redirect(w, r, r.Header.Get("Referer"), http.StatusSeeOther)
 		return
 	}
@@ -224,8 +224,8 @@ func (c *Controller) ServeCreateUserDo(w http.ResponseWriter, r *http.Request) {
 	username := r.FormValue("username")
 	err := validateUsername(username)
 	if err != nil {
-		session.AddFlash(err.Error())
-		sessionLogSave(w, r, session)
+		sessAddFlashW(err.Error(), session)
+		sessLogSave(w, r, session)
 		http.Redirect(w, r, r.Header.Get("Referer"), http.StatusSeeOther)
 		return
 	}
@@ -233,8 +233,8 @@ func (c *Controller) ServeCreateUserDo(w http.ResponseWriter, r *http.Request) {
 	passwordTwo := r.FormValue("password_two")
 	err = validatePasswords(passwordOne, passwordTwo)
 	if err != nil {
-		session.AddFlash(err.Error())
-		sessionLogSave(w, r, session)
+		sessAddFlashW(err.Error(), session)
+		sessLogSave(w, r, session)
 		http.Redirect(w, r, r.Header.Get("Referer"), http.StatusSeeOther)
 		return
 	}
@@ -244,10 +244,10 @@ func (c *Controller) ServeCreateUserDo(w http.ResponseWriter, r *http.Request) {
 	}
 	err = c.DB.Create(&user).Error
 	if err != nil {
-		session.AddFlash(fmt.Sprintf(
+		sessAddFlashW(fmt.Sprintf(
 			"could not create user `%s`: %v", username, err,
-		))
-		sessionLogSave(w, r, session)
+		), session)
+		sessLogSave(w, r, session)
 		http.Redirect(w, r, r.Header.Get("Referer"), http.StatusSeeOther)
 		return
 	}
@@ -267,8 +267,8 @@ func (c *Controller) ServeUpdateLastFMAPIKeyDo(w http.ResponseWriter, r *http.Re
 	secret := r.FormValue("secret")
 	err := validateAPIKey(apiKey, secret)
 	if err != nil {
-		session.AddFlash(err.Error())
-		sessionLogSave(w, r, session)
+		sessAddFlashW(err.Error(), session)
+		sessLogSave(w, r, session)
 		http.Redirect(w, r, r.Header.Get("Referer"), http.StatusSeeOther)
 		return
 	}
@@ -279,8 +279,8 @@ func (c *Controller) ServeUpdateLastFMAPIKeyDo(w http.ResponseWriter, r *http.Re
 
 func (c *Controller) ServeStartScanDo(w http.ResponseWriter, r *http.Request) {
 	session := r.Context().Value(contextSessionKey).(*sessions.Session)
-	session.AddFlash("scan started")
-	sessionLogSave(w, r, session)
+	sessAddFlashN("scan started", session)
+	sessLogSave(w, r, session)
 	http.Redirect(w, r, "/admin/home", http.StatusSeeOther)
 	go func() {
 		err := scanner.
diff --git a/server/handler/handler_admin_utils.go b/server/handler/handler_admin_utils.go
index 003d00f..9741883 100644
--- a/server/handler/handler_admin_utils.go
+++ b/server/handler/handler_admin_utils.go
@@ -16,8 +16,27 @@ func firstExisting(or string, strings ...string) string {
 	return or
 }
 
-func sessionLogSave(w http.ResponseWriter, r *http.Request, s *sessions.Session) {
+func sessLogSave(w http.ResponseWriter, r *http.Request, s *sessions.Session) {
 	if err := s.Save(r, w); err != nil {
 		log.Printf("error saving session: %v\n", err)
 	}
 }
+
+type Flash struct {
+	Message string
+	Type    string
+}
+
+func sessAddFlashW(message string, s *sessions.Session) {
+	s.AddFlash(Flash{
+		Message: message,
+		Type:    "warning",
+	})
+}
+
+func sessAddFlashN(message string, s *sessions.Session) {
+	s.AddFlash(Flash{
+		Message: message,
+		Type:    "normal",
+	})
+}
diff --git a/server/handler/middleware_admin.go b/server/handler/middleware_admin.go
index 964f3b6..dbc3ad0 100644
--- a/server/handler/middleware_admin.go
+++ b/server/handler/middleware_admin.go
@@ -25,8 +25,8 @@ func (c *Controller) WithUserSession(next http.HandlerFunc) http.HandlerFunc {
 		session := r.Context().Value(contextSessionKey).(*sessions.Session)
 		username, ok := session.Values["user"].(string)
 		if !ok {
-			session.AddFlash("you are not authenticated")
-			sessionLogSave(w, r, session)
+			sessAddFlashW("you are not authenticated", session)
+			sessLogSave(w, r, session)
 			http.Redirect(w, r, "/admin/login", http.StatusSeeOther)
 			return
 		}
@@ -36,7 +36,7 @@ func (c *Controller) WithUserSession(next http.HandlerFunc) http.HandlerFunc {
 			// the username in the client's session no longer relates to a
 			// user in the database (maybe the user was deleted)
 			session.Options.MaxAge = -1
-			sessionLogSave(w, r, session)
+			sessLogSave(w, r, session)
 			http.Redirect(w, r, "/admin/login", http.StatusSeeOther)
 			return
 		}
@@ -52,8 +52,8 @@ func (c *Controller) WithAdminSession(next http.HandlerFunc) http.HandlerFunc {
 		session := r.Context().Value(contextSessionKey).(*sessions.Session)
 		user := r.Context().Value(contextUserKey).(*model.User)
 		if !user.IsAdmin {
-			session.AddFlash("you are not an admin")
-			sessionLogSave(w, r, session)
+			sessAddFlashW("you are not an admin", session)
+			sessLogSave(w, r, session)
 			http.Redirect(w, r, "/admin/login", http.StatusSeeOther)
 			return
 		}
diff --git a/server/handler/respond_admin.go b/server/handler/respond_admin.go
index 4e1f623..5e4d48a 100644
--- a/server/handler/respond_admin.go
+++ b/server/handler/respond_admin.go
@@ -41,7 +41,7 @@ func renderTemplate(
 	}
 	session := r.Context().Value(contextSessionKey).(*sessions.Session)
 	data.Flashes = session.Flashes()
-	sessionLogSave(w, r, session)
+	sessLogSave(w, r, session)
 	data.User, _ = r.Context().Value(contextUserKey).(*model.User)
 	err := tmpl.Execute(w, data)
 	if err != nil {