diff --git a/src/requests_api.go b/src/requests_api.go
index bfbc2a3..6d4e233 100644
--- a/src/requests_api.go
+++ b/src/requests_api.go
@@ -53,9 +53,7 @@ func (e mainEnv) getUserRequest(w http.ResponseWriter, r *http.Request, ps httpr
 	}
 	requestInfo, err := e.db.getRequest(request)
 	if err != nil {
-		fmt.Printf("%d access denied for: %s\n", http.StatusForbidden, request)
-		w.WriteHeader(http.StatusForbidden)
-		w.Write([]byte("Access denied"))
+		returnError(w, r, "internal error", 405, err, nil)
 		return
 	}
 	if len(requestInfo) == 0 {
diff --git a/src/requests_db.go b/src/requests_db.go
index 74fccbc..f4c64d0 100644
--- a/src/requests_db.go
+++ b/src/requests_db.go
@@ -63,7 +63,7 @@ func (dbobj dbcon) getRequests(status string, offset int32, limit int32) ([]byte
 		element["more"] = false
 		if _, ok := element["change"]; ok {
 			element["more"] = true
-			element["change"] = ""
+			delete(element, "change")
 		}
 		results = append(results, element)
 	}
diff --git a/src/userapps_api.go b/src/userapps_api.go
index 2679a4f..5c694e1 100644
--- a/src/userapps_api.go
+++ b/src/userapps_api.go
@@ -164,7 +164,6 @@ func (e mainEnv) userappGet(w http.ResponseWriter, r *http.Request, ps httproute
 		returnError(w, r, "bad appname", 405, nil, event)
 		return
 	}
-
 	resultJSON, err := e.db.getUserApp(userTOKEN, appName)
 	if err != nil {
 		returnError(w, r, "internal error", 405, err, event)
diff --git a/src/userapps_db.go b/src/userapps_db.go
index 688e165..e392108 100644
--- a/src/userapps_db.go
+++ b/src/userapps_db.go
@@ -155,6 +155,9 @@ func (dbobj dbcon) listUserApps(userTOKEN string) ([]byte, error) {
 		}
 	}
 	fmt.Printf("returning: %s\n", result)
+	if len(result) == 0 {
+		return []byte("[]"), nil
+	}
 	resultJSON, err := json.Marshal(result)
 	return resultJSON, err
 }
diff --git a/src/userapps_test.go b/src/userapps_test.go
index e6afc2a..68bef3d 100644
--- a/src/userapps_test.go
+++ b/src/userapps_test.go
@@ -124,6 +124,30 @@ func TestCreateUserUpdateAppBadData(t *testing.T) {
 	}
 }
 
+func TestCreateUserAppResetData(t *testing.T) {
+	userJSON := `{"name":"tom","pass":"mylittlepony","k1":[1,10,20],"k2":{"f1":"t1"}}`
+	raw, _ := helpCreateUser(userJSON)
+	userTOKEN := raw["token"].(string)
+	appJSON := `{"shipping":"done"}`
+	appName := "shipping"
+	raw, _ = helpCreateUserApp(userTOKEN, appName, appJSON)
+	if _, ok := raw["status"]; !ok || raw["status"].(string) != "ok" {
+		t.Fatalf("Failed to create userapp")
+	}
+	raw, _ = helpUpdateUserApp(userTOKEN, appName, `{"shipping":true}`)
+	if _, ok := raw["status"]; !ok || raw["status"].(string) != "ok" {
+		t.Fatalf("Failed to update userapp")
+	}
+	raw, _ = helpUpdateUserApp(userTOKEN, appName, `{"shipping":null}`)
+	if _, ok := raw["status"]; !ok || raw["status"].(string) != "ok" {
+		t.Fatalf("Failed to update userapp")
+	}
+	raw, _ = helpGetUserApp(userTOKEN, appName)
+	if _, ok := raw["status"]; !ok || raw["status"].(string) != "ok" {
+		t.Fatalf("Failed to get app detailes for user")
+	}
+}
+
 func TestCreateUserAppFakeToken(t *testing.T) {
 	userTOKEN := "token123"
 	appJSON := `{"shipping":"done"}`
diff --git a/src/users_db.go b/src/users_db.go
index 2baf1a2..12c69cb 100644
--- a/src/users_db.go
+++ b/src/users_db.go
@@ -416,6 +416,10 @@ func (dbobj dbcon) userDecrypt(userTOKEN, src string) ([]byte, error) {
 	if userBson == nil {
 		return nil, errors.New("not found")
 	}
+	if _, ok := userBson["key"]; !ok {
+		// user might be deleted already
+		return nil, errors.New("not found")
+	}
 	userKey := userBson["key"].(string)
 	recordKey, err := base64.StdEncoding.DecodeString(userKey)
 	if err != nil {
diff --git a/src/xtokens_test.go b/src/xtokens_test.go
index 42ecd36..a824289 100644
--- a/src/xtokens_test.go
+++ b/src/xtokens_test.go
@@ -123,38 +123,44 @@ func TestUserLoginDelete(t *testing.T) {
 		t.Fatalf("Wrong status. It should be: request-created")
 	}
 	rtoken0 := raw["rtoken"].(string)
+	raw, _ = helpGetUserAppList(userTOKEN)
+	fmt.Printf("apps: %s\n", raw["apps"])
+
 	rootToken = oldRootToken
 	// get user requests
-	raw6, _ := helpGetUserRequests()
-	if raw6["total"].(float64) != 3 {
+	raw, _ = helpGetUserRequests()
+	if raw["total"].(float64) != 3 {
 		t.Fatalf("Wrong number of user requests for admin to approve/reject/s\n")
 	}
-	records := raw6["rows"].([]interface{})
-	records0 := records[2].(map[string]interface{})
-	rtoken := records0["rtoken"].(string)
-	if len(rtoken) == 0 {
-		t.Fatalf("Failed to extract request token\n")
-	}
-	if rtoken != rtoken0 {
-		t.Fatalf("Rtoken0 is wrong\n")
-	}
-	fmt.Printf("** User request record: %s\n", rtoken)
-	helpCreateUserApp(userTOKEN, "qq", `{"custom":1}`)
-	raw7, _ := helpGetUserAppList(userTOKEN)
-	fmt.Printf("apps: %s\n", raw7["apps"])
-	raw8, _ := helpGetUserRequest(rtoken0)
-	if raw8["status"].(string) != "ok" {
-		t.Fatalf("Failed to retrieve user request")
-	}
-	helpApproveUserRequest(rtoken)
-	raw9, _ := helpCancelUserRequest(rtoken0)
-	if raw9["status"].(string) != "error" {
-		t.Fatalf("Cancel request should fail here")
+	records := raw["rows"].([]interface{})
+	for id := range records {
+		records0 := records[id].(map[string]interface{})
+		action := records0["action"].(string)
+		rtoken := records0["rtoken"].(string)
+		if len(rtoken) == 0 {
+			t.Fatalf("Failed to extract request token\n")
+		}
+		if action == "forget-me" {
+			if rtoken != rtoken0 {
+				t.Fatalf("Rtoken0 is wrong\n")
+			}
+			fmt.Printf("** User request record: %s\n", rtoken)
+		}
+		raw8, _ := helpGetUserRequest(rtoken)
+		if raw8["status"].(string) != "ok" {
+			t.Fatalf("Failed to retrieve user request")
+		}
+		helpApproveUserRequest(rtoken)
+		raw9, _ := helpCancelUserRequest(rtoken)
+		if raw9["status"].(string) != "error" {
+			t.Fatalf("Cancel request should fail here")
+		}
 	}
+
 	// user should be deleted now
 	raw10, _ := helpGetUserAppList(userTOKEN)
-	if raw10["apps"] != nil {
-		t.Fatalf("Apps shoud be nil\n")
+	if len(raw10["apps"].([]interface{})) != 0 {
+		t.Fatalf("Apps list shoud be empty\n")
 	}
 }