diff --git a/core/app.js b/core/app.js
index 7ab625a4..9d9a4e0e 100644
--- a/core/app.js
+++ b/core/app.js
@@ -61,8 +61,7 @@ function socket(request, response, client) {
 let process;
 let options = {};
 let credentials = auth.query(request.headers);
- let refresh_token = credentials?.refresh?.token;
- let refresh_interval = credentials?.refresh?.interval;
+ let refresh = auth.make_refresh(credentials);
 response.onClose = async function() {
 if (process && process.task) {
@@ -198,9 +197,9 @@ function socket(request, response, client) {
 }
 }
- if (refresh_token) {
+ if (refresh) {
 return {
- 'Set-Cookie': `session=${refresh_token}; path=/; Max-Age=${refresh_interval}; Secure; SameSite=Strict`,
+ 'Set-Cookie': `session=${refresh.token}; path=/; Max-Age=${refresh.interval}; Secure; SameSite=Strict`,
 };
 }
 }
diff --git a/core/auth.js b/core/auth.js
index 6ff9b61a..81fa51ba 100644
--- a/core/auth.js
+++ b/core/auth.js
@@ -260,12 +260,17 @@ function query(headers) {
 return {
 session: entry,
 permissions: autologin ? getPermissionsForUser(autologin) : getPermissions(session),
- refresh: {
- token: makeJwt({name: entry.name}),
- interval: kRefreshInterval,
- },
 };
 }
 }
-export { handler, query };
+function make_refresh(credentials) {
+ if (credentials?.session?.name) {
+ return {
+ token: makeJwt({name: credentials.session.name}),
+ interval: kRefreshInterval,
+ };
+ }
+}
+
+export { handler, query, make_refresh };
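Review bot: `refresh` is computed at the top of `socket`, but in the visible hunks it is only read in the `if (refresh)` block near line 200, so a token is signed on every request even when the handler exits before that point. Calling `auth.make_refresh(credentials)` immediately before the `if (refresh)` check would avoid the unused signing work and keep the token's issue time close to when the cookie is actually sent. The binding is not reassigned in the visible lines, so `const refresh = auth.make_refresh(credentials);` would state that. Most of `socket` lies outside the hunk, so check for other readers of `refresh` before moving it.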
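Review bot: The `Set-Cookie` value on the new side of this hunk puts a JWT in the `session` cookie without the `HttpOnly` attribute, so any script running in the page's origin can read the token. Unless client-side code has to read this cookie (not visible here), the attribute list should become `Secure; HttpOnly; SameSite=Strict`. `refresh.token` and `refresh.interval` are interpolated into the header unescaped, which is acceptable only while both remain server-generated, as `make_refresh` in core/auth.js currently shows. The enclosing `socket` function starts and ends outside the hunk.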
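Review bot: `make_refresh` is exported and signs a token for whatever `credentials.session.name` it is handed, so token issuance is no longer tied to the one return path of `query()` that used to attach `refresh`. If other return paths of `query()` (outside this hunk) also yield a named session, they now get a refreshed cookie as well; confirm that this widening is intended. A doc comment would pin the contract, for example `/** Build a refresh token for a session returned by query(); returns undefined when there is no session name. */`, and an explicit `return undefined;` after the `if` would make the no-session case visible. The name also departs from the camelCase of `makeJwt` and `getPermissions` in the same file; `makeRefresh` would match.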