diff --git a/resources/classes/token.php b/resources/classes/token.php
index 8866d76d1c..974055fdc9 100644
--- a/resources/classes/token.php
+++ b/resources/classes/token.php
@@ -17,7 +17,7 @@
 The Initial Developer of the Original Code is
 Mark J Crane
- Portions created by the Initial Developer are Copyright (C) 2019
+ Portions created by the Initial Developer are Copyright (C) 2019-2020
 the Initial Developer. All Rights Reserved.
 Contributor(s):
@@ -60,14 +60,19 @@ class token {
 public function create($key) {
 //allow only specific characters
- $key = preg_replace('[^a-zA-Z0-9\-_@.\/]', '', $key);
+ $key = preg_replace('[^a-zA-Z0-9\-_@.\/]', '', $key);
- //create a token and save in the token session array
- $_SESSION['tokens'][$key]['name'] = hash_hmac('sha256', $key, bin2hex(random_bytes(32)));
- $_SESSION['tokens'][$key]['hash'] = hash_hmac('sha256', $key, bin2hex(random_bytes(32)));
+ //create a token for the key submitted
+ $token = [
+ 'name'=>hash_hmac('sha256', $key, bin2hex(random_bytes(32))),
+ 'hash'=>hash_hmac('sha256', $key, bin2hex(random_bytes(32)))
+ ];
+
+ //save in the token session array
+ $_SESSION['tokens'][$key][] = $token;
 //send the hash
- return $_SESSION['tokens'][$key];
+ return $token;
 }
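Review bot: The key filter on the `+ $key = preg_replace(...)` line is a no-op: the pattern has no delimiters, so PCRE takes `[` and `]` as the delimiter pair and the effective pattern is the literal sequence `^a-zA-Z0-9\-_@.\/`, which matches only a key starting with that exact text, so characters outside the intended set pass straight through into the session array index. The same applies to the three `preg_replace` calls in the validate() hunk below. It should read `$key = preg_replace('/[^a-zA-Z0-9\-_@.\/]/', '', $key);`, and once it actually filters, validate() must use the same character class — its pattern strips `-`, `_`, `@`, `.` and `/`, so a key created here with any of them would never be found there. Separately, `$_SESSION['tokens'][$key][] = $token;` appends on every call and entries are only removed by a successful validate(), so a page rendered repeatedly without being submitted grows the session without bound; consider capping the per-key list (for example `array_slice` to the newest few entries) before appending.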
@@ -78,27 +83,31 @@ class token {
 public function validate($key, $value = null) {
 //allow only specific characters
- $key = preg_replace('[^a-zA-Z0-9]', '', $key);
+ $key = preg_replace('[^a-zA-Z0-9]', '', $key);
 //get the token name
- $token_name = $_SESSION['tokens'][$key]['name'];
- if (isset($_REQUEST[$token_name])) {
- $value = $_REQUEST[$token_name];
- }
- else {
- $value;
- }
+ if (is_array($_SESSION['tokens'][$key]) && @sizeof($_SESSION['tokens'][$key]) != 0) {
+ foreach ($_SESSION['tokens'][$key] as $t => $token) {
+ $token_name = $token['name'];
+ if (isset($_REQUEST[$token_name])) {
+ $value = $_REQUEST[$token_name];
+ }
+ }
+ }
 //limit the value to specific characters
- $value = preg_replace('[^a-zA-Z0-9]', '', $value);
+ $value = preg_replace('[^a-zA-Z0-9]', '', $value);
 //compare the hashed tokens
- if (hash_equals($_SESSION['tokens'][$key]['hash'], $value)) {
- return true;
- }
- else {
+ if (is_array($_SESSION['tokens'][$key]) && @sizeof($_SESSION['tokens'][$key]) != 0) {
+ foreach ($_SESSION['tokens'][$key] as $t => $token) {
+ if (hash_equals($token['hash'], $value)) {
+ unset($_SESSION['tokens'][$key][$t]);
+ return true;
+ }
+ }
+ }
 return false;
- }
 }
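Review bot: Both new guards read `$_SESSION['tokens'][$key]` before checking that it exists, so the ordinary case of a request carrying no token for `$key` (or a session with no `tokens` entry at all) raises an undefined-index notice on `is_array(...)`, and the `@sizeof(...) != 0` half is redundant once `is_array` has passed — an empty array simply yields no iterations. Each `if (is_array(...) && @sizeof(...) != 0) { foreach ($_SESSION['tokens'][$key] as $t => $token) {` pair collapses to `foreach (($_SESSION['tokens'][$key] ?? []) as $t => $token) {`, dropping the `@` suppression. Note also that the second loop accepts the posted value against the hash of any token stored under `$key`, not the entry whose `name` field was found in `$_REQUEST`; if name and hash are meant to be a bound pair, remember the matching `$t` in the first loop and compare only that entry. If `$value` is still null when no field was found, passing it to `preg_replace` is deprecated from PHP 8.1; initialising it with `$value = $value ?? '';` before the filter keeps `hash_equals` on a string argument.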