diff --git a/src/api.js.c b/src/api.js.c
index 8393187a..fd9a8e33 100644
--- a/src/api.js.c
+++ b/src/api.js.c
@@ -97,40 +97,37 @@ static void _tf_api_core_apps_after_work(tf_ssb_t* ssb, int status, void* user_d
 	tf_free(work);
 }
 
+static const char* _tf_ssb_get_process_credentials_session_name(JSContext* context, JSValue process)
+{
+	JSValue credentials = JS_IsObject(process) ? JS_GetPropertyStr(context, process, "credentials") : JS_UNDEFINED;
+	JSValue session = JS_IsObject(credentials) ? JS_GetPropertyStr(context, credentials, "session") : JS_UNDEFINED;
+	JSValue name_value = JS_IsObject(session) ? JS_GetPropertyStr(context, session, "name") : JS_UNDEFINED;
+	const char* result = JS_IsString(name_value) ? JS_ToCString(context, name_value) : NULL;
+	JS_FreeValue(context, name_value);
+	JS_FreeValue(context, session);
+	JS_FreeValue(context, credentials);
+	return result;
+}
+
 static JSValue _tf_api_core_apps(JSContext* context, JSValueConst this_val, int argc, JSValueConst* argv, int magic, JSValue* data)
 {
 	JSValue result = JS_UNDEFINED;
 	JSValue user = argv[0];
 	JSValue process = data[0];
 	const char* user_string = JS_IsString(user) ? JS_ToCString(context, user) : NULL;
+	const char* session_name_string = _tf_ssb_get_process_credentials_session_name(context, process);
 
-	if (JS_IsObject(process))
+	if (user_string && session_name_string && strcmp(user_string, session_name_string) && strcmp(user_string, "core"))
 	{
-		JSValue credentials = JS_GetPropertyStr(context, process, "credentials");
-		if (JS_IsObject(credentials))
-		{
-			JSValue session = JS_GetPropertyStr(context, credentials, "session");
-			if (JS_IsObject(session))
-			{
-				JSValue session_name = JS_GetPropertyStr(context, session, "name");
-				const char* session_name_string = JS_IsString(session_name) ? JS_ToCString(context, session_name) : NULL;
-				if (user_string && session_name_string && strcmp(user_string, session_name_string) && strcmp(user_string, "core"))
-				{
-					JS_FreeCString(context, user_string);
-					user_string = NULL;
-				}
-				else if (!user_string)
-				{
-					user_string = session_name_string;
-					session_name_string = NULL;
-				}
-				JS_FreeCString(context, session_name_string);
-				JS_FreeValue(context, session_name);
-			}
-			JS_FreeValue(context, session);
-		}
-		JS_FreeValue(context, credentials);
+		JS_FreeCString(context, user_string);
+		user_string = NULL;
 	}
+	else if (!user_string)
+	{
+		user_string = session_name_string;
+		session_name_string = NULL;
+	}
+	JS_FreeCString(context, session_name_string);
 
 	if (user_string)
 	{
@@ -380,26 +377,12 @@ static void _tf_api_core_permissions_granted_after_work(tf_ssb_t* ssb, int statu
 	JS_FreeValue(context, result);
 	JS_FreeValue(context, work->promise[0]);
 	JS_FreeValue(context, work->promise[1]);
-	tf_free((void*)work->user);
+	JS_FreeCString(context, work->user);
 	tf_free((void*)work->package_owner);
 	tf_free((void*)work->package_name);
 	tf_free(work);
 }
 
-static const char* _tf_ssb_get_process_credentials_session_name(JSContext* context, JSValue process)
-{
-	JSValue credentials = JS_IsObject(process) ? JS_GetPropertyStr(context, process, "credentials") : JS_UNDEFINED;
-	JSValue session = JS_IsObject(credentials) ? JS_GetPropertyStr(context, credentials, "session") : JS_UNDEFINED;
-	JSValue name_value = JS_IsObject(session) ? JS_GetPropertyStr(context, session, "name") : JS_UNDEFINED;
-	const char* name = JS_IsString(name_value) ? JS_ToCString(context, name_value) : NULL;
-	const char* result = tf_strdup(name);
-	JS_FreeCString(context, name);
-	JS_FreeValue(context, name_value);
-	JS_FreeValue(context, session);
-	JS_FreeValue(context, credentials);
-	return result;
-}
-
 static JSValue _tf_api_core_permissionsGranted(JSContext* context, JSValueConst this_val, int argc, JSValueConst* argv, int magic, JSValue* data)
 {
 	tf_task_t* task = tf_task_get(context);
@@ -508,7 +491,7 @@ static JSValue _tf_ssb_getActiveIdentity(JSContext* context, JSValueConst this_v
 		.package_name = tf_strdup(package_name),
 	};
 	JSValue result = JS_NewPromiseCapability(context, work->promise);
-	tf_free((void*)name);
+	JS_FreeCString(context, name);
 	JS_FreeCString(context, package_owner);
 	JS_FreeCString(context, package_name);
 
@@ -611,7 +594,7 @@ static JSValue _tf_ssb_getIdentities(JSContext* context, JSValueConst this_val,
 				.context = context,
 			};
 			memcpy(work->user, user, user_length + 1);
-			tf_free((void*)user);
+			JS_FreeCString(context, user);
 
 			result = JS_NewPromiseCapability(context, work->promise);
 			tf_ssb_run_work(ssb, _tf_ssb_get_identities_work, _tf_ssb_get_identities_after_work, work);
@@ -838,7 +821,7 @@ static void _tf_ssb_modify_block_after_work(tf_ssb_t* ssb, int status, void* use
 	JS_FreeValue(context, request->promise[0]);
 	JS_FreeValue(context, request->promise[1]);
 	JS_FreeValue(context, request->result);
-	tf_free((void*)request->user);
+	JS_FreeCString(context, request->user);
 	tf_free(request);
 }
 
@@ -1225,7 +1208,7 @@ static JSValue _tf_ssb_swap_with_server_identity(JSContext* context, JSValueCons
 	snprintf(description, sizeof(description), "Swap identity %s with %s.", work->user_id, work->server_id);
 	_tf_ssb_permission_test(context, data[0], "delete_user", description, _tf_ssb_swap_with_server_identity_permission_callback, work);
 	JS_FreeCString(context, id);
-	tf_free((void*)user);
+	JS_FreeCString(context, user);
 	return result;
 }