diff --git a/api/endpoints.go b/api/endpoints.go
index 827e8e2..1622484 100644
--- a/api/endpoints.go
+++ b/api/endpoints.go
@@ -197,7 +197,13 @@ func handleSession(w http.ResponseWriter, r *http.Request) {
 			httpError(w, r, fmt.Errorf("failed to decode request body: %s", err), http.StatusBadRequest)
 			return
 		}
-
+		existingSave, err := savedata.GetSession(uuid, slot)
+		if err == nil {
+			if existingSave.Seed == session.Seed && existingSave.WaveIndex > session.WaveIndex {
+				httpError(w, r, fmt.Errorf("session out of date: existing wave index is greater"), http.StatusBadRequest)
+				return
+			}
+		}
 		err = savedata.UpdateSession(uuid, slot, session)
 		if err != nil {
 			httpError(w, r, fmt.Errorf("failed to put session data: %s", err), http.StatusInternalServerError)
@@ -306,6 +312,23 @@ func handleUpdateAll(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
+	existingPlaytime, err := db.RetrievePlaytime(uuid)
+	playtime := data.System.GameStats.(map[string]interface{})["playTime"].(float64)
+	if err == nil {
+		if float64(existingPlaytime) > playtime {
+			httpError(w, r, fmt.Errorf("session out of date: existing playtime is greater"), http.StatusBadRequest)
+			return
+		}
+	}
+
+	existingSave, err := savedata.GetSession(uuid, data.SessionSlotId)
+	if err == nil {
+		if existingSave.Seed == data.Session.Seed && existingSave.WaveIndex > data.Session.WaveIndex {
+			httpError(w, r, fmt.Errorf("session out of date: existing wave index is greater"), http.StatusBadRequest)
+			return
+		}
+	}
+
 	err = savedata.Update(uuid, data.SessionSlotId, data.Session)
 	if err != nil {
 		httpError(w, r, err, http.StatusInternalServerError)
@@ -380,6 +403,15 @@ func handleSystem(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 
+		existingPlaytime, err := db.RetrievePlaytime(uuid)
+		playtime := system.GameStats.(map[string]interface{})["playTime"].(float64)
+		if err == nil {
+			if float64(existingPlaytime) > playtime {
+				httpError(w, r, fmt.Errorf("session out of date: existing playtime is greater"), http.StatusBadRequest)
+				return
+			}
+		}
+
 		err = savedata.UpdateSystem(uuid, system)
 		if err != nil {
 			httpError(w, r, fmt.Errorf("failed to put system data: %s", err), http.StatusInternalServerError)
diff --git a/db/savedata.go b/db/savedata.go
index bb792c5..10256a3 100644
--- a/db/savedata.go
+++ b/db/savedata.go
@@ -142,3 +142,13 @@ func DeleteSessionSaveData(uuid []byte, slot int) error {
 
 	return nil
 }
+
+func RetrievePlaytime(uuid []byte) (int, error) {
+	var playtime int
+	err := handle.QueryRow("SELECT playTime FROM accountStats WHERE uuid = ?", uuid).Scan(&playtime)
+	if err != nil {
+		return 0, err
+	}
+
+	return playtime, nil
+}