diff --git a/resources/classes/token.php b/resources/classes/token.php
index 974055fdc9..2830e33a9c 100644
--- a/resources/classes/token.php
+++ b/resources/classes/token.php
@@ -59,13 +59,17 @@ class token {
 */
 public function create($key) {
+ //clear previously validated tokens
+ $this->clear_validated();
+
 //allow only specific characters
 $key = preg_replace('[^a-zA-Z0-9\-_@.\/]', '', $key);
 //create a token for the key submitted
 $token = [
 'name'=>hash_hmac('sha256', $key, bin2hex(random_bytes(32))),
- 'hash'=>hash_hmac('sha256', $key, bin2hex(random_bytes(32)))
+ 'hash'=>hash_hmac('sha256', $key, bin2hex(random_bytes(32))),
+ 'validated'=>false
 ];
 //save in the token session array
@@ -79,6 +83,7 @@ class token {
 /**
 * validate the token
 * @var string $key
+ * @var string $value
 */
 public function validate($key, $value = null) {
@@ -102,7 +107,7 @@ class token {
 if (is_array($_SESSION['tokens'][$key]) && @sizeof($_SESSION['tokens'][$key]) != 0) {
 foreach ($_SESSION['tokens'][$key] as $t => $token) {
 if (hash_equals($token['hash'], $value)) {
- unset($_SESSION['tokens'][$key][$t]);
+ $_SESSION['tokens'][$key][$t]['validated'] = true;
 return true;
 }
 }
@@ -111,6 +116,23 @@ class token {
 }
+ /**
+ * clear previously validated tokens
+ */
+ private function clear_validated() {
+ if (is_array($_SESSION['tokens']) && @sizeof($_SESSION['tokens']) != 0) {
+ foreach ($_SESSION['tokens'] as $key => $tokens) {
+ if (is_array($tokens) && @sizeof($tokens) != 0) {
+ foreach ($tokens as $t => $token) {
+ if ($token['validated']) {
+ unset($_SESSION['tokens'][$key][$t]);
+ }
+ }
+ }
+ }
+ }
+ }
+
 }
 /*
@@ -131,6 +153,8 @@ echo "
+?>
\ No newline at end of file
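Review bot: The new `//clear previously validated tokens` comment does not explain why removal moved out of validate(): with this commit validate() only sets the `validated` flag, and the flagged token is retired at the next create() call for any key, so a used token stays accepted until then; a comment stating that lifetime would help the next reader, e.g. `// validate() only marks tokens as used; they are retired here, on the next create(), so a used token remains accepted until then`. The sweep covers every key in the session rather than just `$key`, which is presumably intended but worth saying in the same comment. Separately, the context line `preg_replace('[^a-zA-Z0-9\-_@.\/]', '', $key)` has no pattern delimiters, so PCRE treats the `[`…`]` pair as the delimiter and the allowlist the comment above it describes is not actually applied; it needs `'/[^a-zA-Z0-9\-_@.\/]/'`. create()'s docblock starts above the hunk.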
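Review bot: `@var` is the PHPDoc tag for properties, not parameters, so the added line (and the existing one above it) should read `@param string $key` and `@param string|null $value`, the latter because the signature on the next line defaults `$value` to null. A `@return bool` line would also be useful, given the `return true` visible in the later hunk; confirm the other exit path returns false before adding it. validate()'s body is outside this hunk.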
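Review bot: Replacing `unset(...)` with `['validated'] = true` means the matched token is still present in `$_SESSION['tokens'][$key]` and, since this loop does not check the flag, the same value is accepted again on every later request until some create() call runs clear_validated(); the token is no longer single-use and a captured value can be replayed for that whole window. If the goal is only to let a token be checked more than once within a single request, that can be done without keeping it live across requests, for example by recording the hashes validated in this request in a private array on the token instance and consulting it before the session lookup; otherwise the `unset` should be restored. At minimum the intended reuse scope should be documented next to the assignment, e.g. `// token stays valid until the next create() retires it`. validate() begins and ends outside this hunk.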
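Review bot: `if ($token['validated'])` reads a key that tokens already stored in sessions from before this change do not have (only the new create() and validate() code sets it), so the first create() after deployment raises an undefined-array-key warning for every such token; use `if (!empty($token['validated']))`. The outer guard has the same gap for a session with no tokens yet: `is_array($_SESSION['tokens'])` dereferences the index before anything checks it exists, and `@sizeof` only hides the count's warning, so `if (!empty($_SESSION['tokens']) && is_array($_SESSION['tokens']))` is the safer form. Consider also unsetting `$_SESSION['tokens'][$key]` once its last token is removed, so emptied keys do not accumulate in the session.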