diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 2853145..6b6404e 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -289,6 +289,53 @@ jobs:
           short_description: 'LemonLDAP::NG maintenance tasks runner'
           readme_file: 'cron-task/README.md'
 
+  build-and-push-sessions-backup:
+    needs: build-and-push-base
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get current date
+        id: date
+        run: echo "::set-output name=date::$(date +'%Y-%m-%d')"
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: yadd/lemonldap-ng-sessions-backup
+      - name: Build and push Docker image for sessions-backup task
+        uses: docker/build-push-action@v4
+        with:
+          context: ./sessions-backup
+          build-args: |
+            "BASE=yadd/lemonldap-ng-base:latest"
+          platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6,linux/s390x
+          push: true
+          tags: |
+            yadd/lemonldap-ng-sessions-backup:latest
+            yadd/lemonldap-ng-sessions-backup:${{ steps.date.outputs.date }}
+            yadd/lemonldap-ng-sessions-backup:${{ env.VERSION }}-${{ env.DOCKERREVISION }}
+            yadd/lemonldap-ng-sessions-backup:${{ env.VERSION }}-${{ env.DOCKERREVISION }}-${{ env.DEBIANRELEASE }}
+      - name: push README to Dockerhub
+        uses: christian-korneck/update-container-description-action@v1
+        env:
+          DOCKER_USER: ${{ secrets.DOCKER_USERNAME }}
+          DOCKER_PASS: ${{ secrets.DOCKER_PASSWORD }}
+        with:
+          destination_container_repo: yadd/lemonldap-ng-sessions-backup
+          provider: dockerhub
+          short_description: 'LemonLDAP::NG maintenance tasks runner'
+          readme_file: 'sessions-backup/README.md'
+
   build-and-push-manager:
     needs: build-and-push-base
     runs-on: ubuntu-latest
@@ -649,6 +696,43 @@ jobs:
             yadd/lemonldap-ng-cron-task:${{ env.VERSION }}-${{ env.DOCKERREVISION }}-no-s6
             yadd/lemonldap-ng-cron-task:${{ env.VERSION }}-${{ env.DOCKERREVISION }}-${{ env.DEBIANRELEASE }}-no-s6
 
+  build-and-push-sessions-backup-no-s6:
+    needs: build-and-push-base-no-s6
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get current date
+        id: date
+        run: echo "::set-output name=date::$(date +'%Y-%m-%d')"
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: yadd/lemonldap-ng-sessions-backup
+      - name: Build and push Docker image for sessions-backup
+        uses: docker/build-push-action@v4
+        with:
+          context: ./sessions-backup
+          build-args: |
+            "BASE=yadd/lemonldap-ng-base:latest-no-s6"
+          platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6,linux/s390x
+          push: true
+          tags: |
+            yadd/lemonldap-ng-sessions-backup:latest-no-s6
+            yadd/lemonldap-ng-sessions-backup:${{ steps.date.outputs.date }}-no-s6
+            yadd/lemonldap-ng-sessions-backup:${{ env.VERSION }}-${{ env.DOCKERREVISION }}-no-s6
+            yadd/lemonldap-ng-sessions-backup:${{ env.VERSION }}-${{ env.DOCKERREVISION }}-${{ env.DEBIANRELEASE }}-no-s6
+
   build-and-push-manager-no-s6:
     needs: build-and-push-base-no-s6
     runs-on: ubuntu-latest
diff --git a/Changes.md b/Changes.md
index b4370ec..1a21835 100644
--- a/Changes.md
+++ b/Changes.md
@@ -1,5 +1,6 @@
 # Changes
 
+* 2024-07-15: add sessions-backup task docker
 * 2024-07-15: add "backup/restore" commands into session cli
 * 2024-07-10: add "count" command into session cli
 * 2024-07-10: update default Redis indexes
diff --git a/base/session-cli.patch b/base/session-cli.patch
index 4bb7fb4..43bf68e 100644
--- a/base/session-cli.patch
+++ b/base/session-cli.patch
@@ -42,7 +42,7 @@
 +        $res->{$backend} = $_res;
 +    }
 +    my $o = $self->stdout;
-+    print $o to_json($res);
++    print $o to_json($res); return 0;
 +}
 +
 +sub restore {
@@ -65,7 +65,7 @@
 +    };
 +    if ($@) {
 +        print STDERR "Given backup file looks bad: $@\n";
-+        exit 1;
++        return 1;
 +    }
 +    foreach my $backend ( keys %$obj ) {
 +        unless ( grep { $backend eq $_ } BACKENDS ) {
@@ -76,7 +76,7 @@
 +        foreach my $_session_id ( keys %{ $obj->{$backend} } ) {
 +            $self->_insert( $_session_id, $obj->{$backend}->{$_session_id} );
 +        }
-+    }
++    } return 0;
 +}
 +
 +sub _insert {
diff --git a/build-all b/build-all
index bc5381c..37f29b2 100755
--- a/build-all
+++ b/build-all
@@ -2,7 +2,7 @@
 
 set -e
 
-LIST=${LIST:-pg base portal uwsgi-portal manager full ssoaas-fastcgi-server cron cron-task}
+LIST=${LIST:-pg base portal uwsgi-portal manager full ssoaas-fastcgi-server cron cron-task sessions-backup}
 #LIST=${LIST:-pg base portal uwsgi-portal manager full ssoaas-fastcgi-server cron dev}
 
 for i in $LIST; do
diff --git a/cron-task/Dockerfile b/cron-task/Dockerfile
index b26e314..ae83fcd 100644
--- a/cron-task/Dockerfile
+++ b/cron-task/Dockerfile
@@ -16,4 +16,6 @@ RUN apt-get update && \
     rm -rf /var/lib/apt/lists/* /usr/share/perl5/Lemonldap/NG/Handler \
     /etc/services.d /tmp/liblemonldap-ng-portal-*
 
+USER www-data
+
 CMD ["/usr/share/lemonldap-ng/bin/purgeCentralCache", "-d"]
diff --git a/sessions-backup/Dockerfile b/sessions-backup/Dockerfile
new file mode 100644
index 0000000..d561e3d
--- /dev/null
+++ b/sessions-backup/Dockerfile
@@ -0,0 +1,10 @@
+ARG BASE=
+FROM ${BASE}
+
+LABEL maintainer="Yadd yadd@debian.org>" \
+      name="yadd/lemonldap-ng-sessions-backup" \
+      version="v1.0"
+
+COPY start.sh /backup.sh
+
+CMD ["/backup.sh"]
diff --git a/sessions-backup/README.md b/sessions-backup/README.md
new file mode 100644
index 0000000..c20444d
--- /dev/null
+++ b/sessions-backup/README.md
@@ -0,0 +1,9 @@
+# yadd/lemonldap-ng-sessions-backup
+
+Docker task to save all sessions into `/var/backup/lemonldap-ng`
+_(to be mounted)_.
+
+Files are named using
+```shell
+"/var/backup/lemonldap-ng/$(date --utc +'%F_%H:%M:%S')-sessions-backup.json"
+```
diff --git a/sessions-backup/start.sh b/sessions-backup/start.sh
new file mode 100755
index 0000000..069592e
--- /dev/null
+++ b/sessions-backup/start.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -e
+
+mkdir -p /var/backup/lemonldap-ng
+
+FILE="/var/backup/lemonldap-ng/$(date --utc +'%F_%H:%M:%S')-sessions-backup.json"
+
+/usr/share/lemonldap-ng/bin/lemonldap-ng-sessions \
+	--user www-data \
+	--group www-data \
+	backup \
+	> $FILE
+
+echo "Backup in $FILE"