diff --git a/tfweb/src/components/Header.svelte b/tfweb/src/components/Header.svelte
index 78e9df7..4000b0a 100644
--- a/tfweb/src/components/Header.svelte
+++ b/tfweb/src/components/Header.svelte
@@ -1,8 +1,8 @@
 <script lang="ts">
     import {t} from "$lib/i18n";
-    import {theme} from "$lib/stores/ThemeStore.js";
     import {getCurrentLocale, locales} from "$lib/i18n.js";
     import {locale} from "$lib/stores/LocaleStore";
+    import {theme} from "$lib/stores/ThemeStore";
 
     function toggleTheme() {
         if ($theme === "dark") {
@@ -73,7 +73,7 @@
 
             </div>
 
-            {#if $theme === "dark"}
+            {#if $theme === 'dark'}
                 <button title="{t('header.lightMode')}" class="inline-block text-sm px-4 leading-none mt-4 lg:mt-0"
                         on:click={toggleTheme}>
                     <i class="fa-solid fa-sun"></i>
diff --git a/tfweb/src/components/Theme.svelte b/tfweb/src/components/Theme.svelte
index 9fda3c8..6cbdb49 100644
--- a/tfweb/src/components/Theme.svelte
+++ b/tfweb/src/components/Theme.svelte
@@ -1,24 +1,15 @@
 <script lang="ts">
-    import {onMount} from "svelte";
-    import {Logger, logSetup} from "$lib/logger";
-    import {theme} from "$lib/stores/ThemeStore";
-    import {get} from "svelte/store";
 
-    onMount(() => {
-        let logger = new Logger("Theme.svelte");
-        logSetup();
-
-        theme.subscribe((newTheme) => {
-            if (newTheme === "dark") {
-                document.documentElement.classList.add("dark");
-            } else {
-                document.documentElement.classList.remove("dark");
-            }
-        });
-    });
 </script>
 
 <svelte:head>
     <link rel="stylesheet" href="https://cdn.e3t.cc/fa/6.2.0/css/all.min.css"/>
     <link rel="stylesheet" href="https://cdn.jsdelivr.net/gh/lipis/flag-icons@6.6.6/css/flag-icons.min.css"/>
+    <script>
+        if (localStorage.theme === "dark") {
+            document.documentElement.classList.add("dark");
+        } else {
+            document.documentElement.classList.remove("dark");
+        }
+    </script>
 </svelte:head>
\ No newline at end of file
diff --git a/tfweb/src/lib/auth.ts b/tfweb/src/lib/auth.ts
index bb8dd9e..a61e169 100644
--- a/tfweb/src/lib/auth.ts
+++ b/tfweb/src/lib/auth.ts
@@ -1,5 +1,4 @@
 import {fetch_timeout} from "./util";
-import {t} from "./i18n";
 import {API_ROOT} from "./config";
 import {Logger, logSetup} from "./logger";
 import {getCookie} from "./cookie";
@@ -9,7 +8,7 @@ const logger = new Logger("auth.ts");
 
 export function redact_token(token: string) {
     const stars = "*".repeat(token.length - 5);
-    return token.substring(5) + stars;
+    return token.substring(0, 5) + stars;
 }
 
 export async function enforce_session(): Promise<[boolean, string]> {
@@ -31,16 +30,18 @@ export async function enforce_session(): Promise<[boolean, string]> {
         });
         if (!resp.ok) {
             const rawerror = JSON.parse(await resp.text()).errors[0].message;
+            logger.error(`session token is invalid: ${rawerror}`);
             return [false, rawerror];
         } else {
+            logger.info("session token OK");
             // session ok
             return [true, session_token];
         }
     } catch (e) {
         // error in http request
+        logger.error(`session token is invalid: ${e}`);
         return [false, `${e}`]
     }
-    return [false, ""];
 }
 
 export async function enforce_auth(): Promise<[boolean, string]> {
@@ -82,5 +83,4 @@ export async function enforce_auth(): Promise<[boolean, string]> {
         // error in http request
         return [false, `${e}`]
     }
-    return [false, ""];
 }
\ No newline at end of file
diff --git a/tfweb/src/lib/stores/ThemeStore.ts b/tfweb/src/lib/stores/ThemeStore.ts
index ffe7975..e00da69 100644
--- a/tfweb/src/lib/stores/ThemeStore.ts
+++ b/tfweb/src/lib/stores/ThemeStore.ts
@@ -1,3 +1,15 @@
-import { persist } from "$lib/PersistentStore";
+import {writable} from "svelte/store";
+import {browser} from "$app/environment";
 
-export const theme = persist("theme", "light");
\ No newline at end of file
+export const theme = writable(browser && localStorage.getItem("theme") || "light");
+theme.subscribe((value: string) => {
+    if (browser) {
+        if (value === "dark") {
+            localStorage.setItem("theme", "dark");
+            document.documentElement.classList.add("dark");
+        } else {
+            localStorage.setItem("theme", "light");
+            document.documentElement.classList.remove("dark");
+        }
+    }
+});
\ No newline at end of file
diff --git a/tfweb/src/routes/admin/+page.svelte b/tfweb/src/routes/admin/+page.svelte
index bc9ccb7..a4eee09 100644
--- a/tfweb/src/routes/admin/+page.svelte
+++ b/tfweb/src/routes/admin/+page.svelte
@@ -1,16 +1,21 @@
 <script lang="ts">
     import {onMount} from "svelte";
     import {enforce_auth, enforce_session} from "../../lib/auth";
+    import {Logger, logSetup} from "../../lib/logger";
+
+    let logger = new Logger("admin/+page.svelte");
+    logSetup();
 
     // this page requires session and mfa auth.
-    onMount(() => {
-        let st_result = enforce_session();
+    onMount(async () => {
+        let st_result = await enforce_session();
         if (!st_result[0]) {
+            logger.info(st_result);
             // Session token is invalid. redirect to login
             window.location = "/auth/login";
             return;
         }
-        let at_result = enforce_auth();
+        let at_result = await enforce_auth();
         if (!at_result[0]) {
             // Auth token is invalid. Redirect to mfa page.
             window.location = "/auth/mfa";
diff --git a/tfweb/src/routes/auth/login/+page.svelte b/tfweb/src/routes/auth/login/+page.svelte
index 2e3f2d4..13f6cf5 100644
--- a/tfweb/src/routes/auth/login/+page.svelte
+++ b/tfweb/src/routes/auth/login/+page.svelte
@@ -3,6 +3,8 @@
     import {API_ROOT} from "$lib/config";
     import {fetch_timeout} from "$lib/util";
     import {Logger, logSetup} from "../../../lib/logger";
+    import {onMount} from "svelte";
+    import {enforce_session} from "$lib/auth";
 
     let email = "";
     let isloading = false;
@@ -48,6 +50,16 @@
             isloading = false;
         }
     }
+
+    onMount(async () => {
+        let st_result = await enforce_session();
+        if (st_result[0]) {
+            // User already authed, redirect them
+            logger.info("User already logged in");
+            window.location.href = "/admin";
+            return;
+        }
+    })
 </script>
 
 <div class="flex in-h-full items-center justify-center py-12 px-4 sm:px-6 lg:px-8">
diff --git a/tfweb/src/routes/auth/mfa/+page.svelte b/tfweb/src/routes/auth/mfa/+page.svelte
new file mode 100644
index 0000000..849ce91
--- /dev/null
+++ b/tfweb/src/routes/auth/mfa/+page.svelte
@@ -0,0 +1,8 @@
+<script lang="ts">
+    import {onMount} from "svelte";
+    import {enforce_session} from "../../../lib/auth";
+
+    onMount(async () => {
+        let st_res = await enforce_session();
+    });
+</script>
\ No newline at end of file
diff --git a/trifid-api/src/routes/v1/auth/check_session.rs b/trifid-api/src/routes/v1/auth/check_session.rs
index 7d78d46..fea33e8 100644
--- a/trifid-api/src/routes/v1/auth/check_session.rs
+++ b/trifid-api/src/routes/v1/auth/check_session.rs
@@ -6,7 +6,6 @@ pub async fn options() -> &'static str {
     ""
 }
 
-
 #[post("/v1/auth/check_session")]
 pub async fn check_session(_user: PartialUserInfo) -> &'static str {
     "ok"
