diff --git a/modules/api/api.js b/modules/api/api.js
index f0e1bbd..70e49b1 100644
--- a/modules/api/api.js
+++ b/modules/api/api.js
@@ -88,13 +88,19 @@ app.use(session({
 saveUninitialized: true
 }))
 app.use(cookieParser())
+app.use(bodyParser.urlencoded({
+ limit: '10mb',
+ extended: true
+}))
+app.use(bodyParser.json({
+ limit: '10mb'
+}))
 app.set('view engine', 'ejs')
 app.set('views', [
 './modules/api/views',
 './sharedViews'
 ])
 app.use(auth({
- debugLog: true,
 authDB: authDB
 }))
 app.use(express.static('public'))
@@ -103,13 +109,6 @@ app.use(busboy({
 fileSize: 50000 * 1024 * 1024
 }
 }))
-app.use(bodyParser.urlencoded({
- limit: '10mb',
- extended: true
-}))
-app.use(bodyParser.json({
- limit: '10mb'
-}))
 var data = actions.LoadJSON(dataFile)
 var version = ''
@@ -143,12 +142,12 @@ Load()
 app.post('/login', (req, res) => {
 logger.LogReq(req)
- console.log(req.body)
+ const pw = req.body.pw
 // FIXME: redirect to original url
 const user = 'u' // TODO: get user
 // TODO: check if pw is correct
- res.cookie('pw', req.query.pw).redirect('/')
+ res.cookie('pw', pw).redirect('/')
 req.session.user = user
 })
diff --git a/modules/api/auth.middleware.js b/modules/api/auth.middleware.js
index f99548f..296e29e 100644
--- a/modules/api/auth.middleware.js
+++ b/modules/api/auth.middleware.js
@@ -3,14 +3,25 @@ const dbtools = require('../../utils/dbtools.js')
 const usersDBName = 'users'
+const exceptions = [
+ 'favicon',
+ '/login'
+]
+
 // TODO: session
 module.exports = function (options) {
- const { debugLog, authDB } = options
+ const { authDB } = options
 return function (req, res, next) {
- if (debugLog) {
- logger.Log('AUTH: ' + req.url)
+ logger.DebugLog(`AUTH: ${req.url}`, 'auth', 1)
+ const isException = exceptions.some((exc) => {
+ return req.url === exc
+ })
+
+ if (isException) {
+ next()
+ return
 }
 const user = GetUserByPW(authDB, req.cookies.pw)
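Review bot: Moving both `bodyParser` calls above `app.use(auth(...))` means every request, including unauthenticated ones, now has a body of up to 10mb parsed (with `extended: true` nested parsing) before the auth check runs. Only `/login` needs a parsed body ahead of authentication, so the parser could be attached to that route with a small limit, e.g. `app.post('/login', bodyParser.urlencoded({ extended: false, limit: '1kb' }), handler)`, leaving the 10mb parsers after `auth`. The `1kb` figure is illustrative and should be sized to the login form.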
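Review bot: The `/login` handler still writes the submitted password verbatim into the `pw` cookie with no cookie options, and `req.session.user` is assigned only after `redirect('/')` has ended the response, so the session write is likely not persisted. Because the body is parsed with `extended: true`, `req.body.pw` can also be missing or a non-string, which the new `const pw = req.body.pw` line does not check. I would validate `pw` as a non-empty string, set the session before responding, and pass at least `httpOnly` and `sameSite` on the cookie. Issuing a random session identifier instead of echoing the password would be the stronger fix, and the password check itself is still a TODO.

```javascript
app.post('/login', (req, res) => {
  // … unchanged: logger.LogReq(req) …
  const pw = req.body.pw
  // extended parsing can produce arrays/objects; accept only a non-empty string
  if (typeof pw !== 'string' || pw.length === 0) {
    res.status(400).end()
    return
  }
  // … unchanged: FIXME/TODO comments and `const user = 'u'` …
  // assign the session before the response is ended by redirect()
  req.session.user = user
  // add `secure: true` once the app is served over HTTPS
  res.cookie('pw', pw, { httpOnly: true, sameSite: 'lax' }).redirect('/')
})
```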
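Review bot: The exception check compares the whole `req.url` with each entry, so `'favicon'` can never match (Express request URLs start with `/`) and `/login` stops matching as soon as a query string is present. Comparing the path keeps the match exact: `const isException = exceptions.includes(req.path)`, with the entry written as `'/favicon.ico'`. Keep it an exact comparison rather than a prefix or substring test, since a looser match would widen what skips authentication. The returned middleware function continues past the end of this hunk.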
@@ -24,7 +35,14 @@ module.exports = function (options) {
 }
 function GetUserByPW (db, password) {
- return dbtools.Select(db, usersDBName, {
+ if (password === undefined) {
+ return
+ }
+
+ const res = dbtools.Select(db, usersDBName, {
 pw: password
- })[0]
+ })
+ if (res) {
+ return res[0]
+ }
 }
diff --git a/server.js b/server.js
index aaa30c1..de918cf 100755
--- a/server.js
+++ b/server.js
@@ -38,6 +38,7 @@ const loggableKeywords = [
 ]
 let modules = JSON.parse(utils.ReadFile(modulesFile))
+console.clear()
 logger.Load()
 try {
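Review bot: The new guard in `GetUserByPW` rejects only `undefined`, but `req.cookies.pw` comes from `cookieParser()`, which turns `j:`-prefixed cookie values into parsed objects, so a non-string can still reach `dbtools.Select` as the `pw` filter. A stricter guard is `if (typeof password !== 'string' || password === '') return`. How `Select` treats a non-string filter value is not visible in this hunk, so that should be confirmed against `dbtools`. The lookup also matches on the raw password, which suggests the `users` table stores it unhashed; that is worth a follow-up.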