// Set session token only if empty (first login)
// NOTE: weaker security (but avoid to re-login everywhere after each logout)
// TODO: option would be to reset all tokens periodically, e.g. every 3 months
// Set session token only if empty (first login)
// NOTE: weaker security (but avoid to re-login everywhere after each logout)
// TODO: option would be to reset all tokens periodically, e.g. every 3 months