diff --git a/configuration.default.ini b/configuration.default.ini
index 38ab075..1da9495 100644
--- a/configuration.default.ini
+++ b/configuration.default.ini
@@ -96,9 +96,9 @@ listening_addr = 127.0.0.1
 listening_port = 8181
 web_logfile =
-auth_method = password
-user = botamusique
-password = mumble
+auth_method = 'none'
+user =
+password =
 access_address = http://127.0.0.1:8181
diff --git a/configuration.example.ini b/configuration.example.ini
index 59462cc..1e4a480 100644
--- a/configuration.example.ini
+++ b/configuration.example.ini
@@ -121,14 +121,15 @@ port = 64738
 #listening_addr = 127.0.0.1
 #listening_port = 8181
 #is_web_proxified = True
+# This is the public URL
 #access_address = http://127.0.0.1:8181
 # 'web_logfile': write access logs of the web server into this file.
 #web_logfile =
 # 'auth_method': Method used to authenticate users accessing the web interface.
-# Options are 'password', 'token', 'none'
-#auth_method = password
+# Options are 'none', 'password' or 'token' (use unique token, see requests_webinterface_access command)
+#auth_method = token
 # 'user', 'password': If auth_method set to 'password', you need to set the username and # password.
diff --git a/interface.py b/interface.py
index 4af9f9d..5e6499b 100644
--- a/interface.py
+++ b/interface.py
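Review bot: The new default `auth_method = 'none'` in configuration.default.ini ships the web interface with authentication turned off. If the file is read with Python's configparser, the quotes are probably kept as part of the value, since it does not strip them, so a comparison against `none` would not match. After this change the only visible protection is the `listening_addr = 127.0.0.1` default, which presumably stops helping once the interface is published through a reverse proxy. I would write the value unquoted, `auth_method = none`, and put a comment above it such as `# 'none' disables authentication; set 'password' or 'token' before exposing the web interface beyond localhost`.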
@@ -105,16 +105,12 @@ def requires_auth(f):
 if var.config.getboolean("webinterface", "require_auth") and ( not auth or not check_auth(auth.username, auth.password)):
 if auth:
- log.warning(f"web: failed login attempt, user: {auth.username}, from ip {request.remote_addr}.")
+ log.info(f"web: failed login attempt, user: {auth.username}, from ip {request.remote_addr}.")
 return authenticate()
 if auth_method == 'token':
- if 'token' in session and 'token' not in request.args:
- token = session['token']
- token_user = var.db.get("web_token", token, fallback=None)
- if token_user is not None:
- user = token_user
- log.debug(f"web: token validated for the user: {token_user}, from ip {request.remote_addr}.")
- return f(*args, **kwargs)
+ if 'user' in session and 'token' not in request.args:
+ user = session['user']
+ return f(*args, **kwargs)
 elif 'token' in request.args:
 token = request.args.get('token')
 token_user = var.db.get("web_token", token, fallback=None)
@@ -126,11 +122,12 @@ def requires_auth(f):
 user_dict['IP'] = request.remote_addr
 var.db.set("user", user, json.dumps(user_dict))
- log.info(f"web: new user access, token validated for the user: {token_user}, from ip {request.remote_addr}.")
+ log.debug(f"web: new user access, token validated for the user: {token_user}, from ip {request.remote_addr}.")
 session['token'] = token
+ session['user'] = token_user
 return f(*args, **kwargs)
- log.info(f"web: bad token from ip {request.remote_addr}.")
+ log.debug(f"web: bad token from ip {request.remote_addr}.")
 abort(403)
 return f(*args, **kwargs)
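Review bot: The session branch added in the first interface.py hunk accepts any request whose session carries a `user` key and no longer looks the token up in `var.db`. A token that has been removed from `web_token` therefore keeps working for as long as the session cookie is accepted. Access on that path then rests only on the integrity of the session cookie, whose configuration is not visible here. Keeping the lookup restores revocation: `if 'user' in session and 'token' not in request.args and var.db.get("web_token", session.get('token'), fallback=None) == session['user']:`. The body of `requires_auth` starts and ends outside the hunk, so the path taken when this check fails should be confirmed against the full function.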
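Review bot: The rejected-token message before `abort(403)` drops to `log.debug`, and the failed-password message in the previous hunk drops from `log.warning` to `log.info`. Repeated guessing against the web interface is then likely to be missing from logs kept at the usual levels. Authentication failures are the records an operator needs for detection and blocking decisions, so I would keep both at warning, e.g. `log.warning(f"web: bad token from ip {request.remote_addr}.")`. Because `auth.username` is supplied by the client, formatting it as `{auth.username!r}` in the failed-login line would also keep control characters out of the log. The enclosing function continues outside both hunks.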