diff --git a/web/server/web-server.go b/web/server/web-server.go
index ebb4d6c..f6f5f0c 100644
--- a/web/server/web-server.go
+++ b/web/server/web-server.go
@@ -99,9 +99,9 @@ func HandlerAuth(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 	hash = sha256.Sum256(buffer[:passlen])
-	TokenGenerate(buffer)
 	if bytes.Equal(hash[:], passhash) {
 		log.Println("Password valid")
+		TokenGenerate(buffer)
 		response.Status = true
 		response.Token = TOKEN
 		http.SetCookie(w, &http.Cookie{