diff --git a/src/users_api.go b/src/users_api.go
index 58108da..02ce54c 100644
--- a/src/users_api.go
+++ b/src/users_api.go
@@ -347,12 +347,13 @@ func (e mainEnv) userLogin(w http.ResponseWriter, r *http.Request, ps httprouter
 if tmp == tmpCode {
 // user ented correct key
 // generate temp user access code
- xtoken, err := e.db.generateUserLoginXtoken(userTOKEN)
+ xtoken, hashedToken, err := e.db.generateUserLoginXtoken(userTOKEN)
 //fmt.Printf("generate user access token: %s\n", xtoken)
 if err != nil {
 returnError(w, r, "internal error", 405, err, event)
 return
 }
+ event.Msg = "Generating access token: " + hashedToken
 w.Header().Set("Content-Type", "application/json; charset=utf-8")
 w.WriteHeader(200)
 fmt.Fprintf(w, `{"status":"ok","xtoken":"%s","token":"%s"}`, xtoken, userTOKEN)
diff --git a/src/xtokens_db.go b/src/xtokens_db.go
index c873df6..1e082a0 100644
--- a/src/xtokens_db.go
+++ b/src/xtokens_db.go
@@ -45,26 +45,27 @@ func (dbobj dbcon) createRootXtoken(demo bool) (string, error) {
 return rootToken, nil
 }
 
-func (dbobj dbcon) generateUserLoginXtoken(userTOKEN string) (string, error) {
+func (dbobj dbcon) generateUserLoginXtoken(userTOKEN string) (string, string, error) {
 // check if user record exists
 record, err := dbobj.lookupUserRecord(userTOKEN)
 if record == nil || err != nil {
 // not found
- return "", errors.New("not found")
+ return "", "", errors.New("not found")
 }
 tokenUUID, err := uuid.GenerateUUID()
 if err != nil {
- return "", err
+ return "", "", err
 }
+ hashedToken := hashString(dbobj.hash, tokenUUID)
 // by default login token for 30 minutes only
 expired := int32(time.Now().Unix()) + 10*60
 bdoc := bson.M{}
 bdoc["token"] = userTOKEN
- bdoc["xtoken"] = hashString(dbobj.hash, tokenUUID)
+ bdoc["xtoken"] = hashedToken
 bdoc["type"] = "login"
 bdoc["endtime"] = expired
 _, err = dbobj.store.CreateRecord(storage.TblName.Xtokens, bdoc)
- return tokenUUID, err
+ return tokenUUID, hashedToken, err
 }
 
 /*
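Review bot: The added `event.Msg = "Generating access token: " + hashedToken` copies the full stored verifier into the audit event: per the xtokens_db.go hunk of this commit, `hashedToken` is the same value written to the `xtoken` field of the login record. It is not the bearer token itself, but anyone who can read audit events can now match an event to a specific token row, so it is worth confirming that audit readers are meant to see that value; if the goal is only correlation, a short prefix of the hash would presumably be enough. The message is also assigned after generation has already succeeded, so wording such as `"Generated access token: "` would describe the event more accurately. userLogin starts and ends outside the hunk.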
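Review bot: On a `CreateRecord` failure the new final line `return tokenUUID, hashedToken, err` still hands back a usable-looking token and its hash alongside the error, while the earlier error paths return empty strings; the last path should match them, e.g. `if err != nil { return "", "", err }` followed by `return tokenUUID, hashedToken, nil`. The two adjacent `string` results are also easy to swap at a call site, which would put the plaintext token into the audit message set in users_api.go, so a doc comment fixing the order would help: `// generateUserLoginXtoken returns the plaintext login token for the client, the hashed form stored with the login record, and an error.` Separately, the context comment says 30 minutes while the expiry expression is `10*60` seconds, so one of the two is stale.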