diff --git a/server/Auth.js b/server/Auth.js
index 15be664c..05044f74 100644
--- a/server/Auth.js
+++ b/server/Auth.js
@@ -78,16 +78,10 @@ class Auth {
 }).bind(this)))
 }
- // should be already initialied here - but ci had some problems so check again
- // token is required to encrypt/protect the info in jwts
- if (!global.ServerSettings.tokenSecret) {
- await this.initTokenSecret()
- }
-
 // Load the JwtStrategy (always) -> for bearer token auth
 passport.use(new JwtStrategy({
 jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
- secretOrKey: global.ServerSettings.tokenSecret
+ secretOrKey: Database.serverSettings.tokenSecret
 }, this.jwtAuthCheck.bind(this)))
 // define how to seralize a user (to be put into the session)
@@ -330,7 +324,7 @@ class Auth {
 }
 // Check passwordless root user
- if (user.id === 'root' && (!user.pash || user.pash === '')) {
+ if (user.type === 'root' && (!user.pash || user.pash === '')) {
 if (password) {
 // deny login
 done(null, null)
diff --git a/server/Server.js b/server/Server.js
index cf55061d..2424456d 100644
--- a/server/Server.js
+++ b/server/Server.js
@@ -139,7 +139,7 @@ class Server {
 const app = express()
 // parse cookies in requests
- app.use(cookieParser());
+ app.use(cookieParser())
 // enable express-session
 app.use(expressSession({
 secret: global.ServerSettings.tokenSecret,
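Review bot: In the first Auth.js hunk, `secretOrKey: Database.serverSettings.tokenSecret` is now read with no check that the secret exists, because the `initTokenSecret()` guard above it is removed, and the removed comment says initialization order had already been a problem in CI. I would keep the failure explicit with `if (!Database.serverSettings.tokenSecret) throw new Error('tokenSecret is not initialized')` before `passport.use(new JwtStrategy(...))`, so a missing signing secret stops startup instead of depending on how the strategy treats an undefined key. The Server.js context in this same diff still passes `global.ServerSettings.tokenSecret` to `expressSession`, so the JWT and session secrets now come from two different objects; unless those are guaranteed to hold the same value, the session side probably needs the same switch. The enclosing method starts and ends outside the hunk.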
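Review bot: In the second Auth.js hunk, the passwordless branch now matches on `user.type === 'root'`, which ties it to a role instead of the single account whose id is 'root', so any root-type account with an empty `pash` reaches this branch. The hunk does not show whether `type` is unique or can change after account creation, so I would state the requirement next to the check, e.g. `// passwordless login is only valid for the root account; type must not be user-editable`, and confirm that account-update paths can neither set `type` to root nor clear `pash`. `user.pash === ''` is already covered by `!user.pash` and can be dropped. The function body continues outside the hunk.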