diff --git a/client/index.html b/client/index.html
index 072f4c71..71b061d3 100644
--- a/client/index.html
+++ b/client/index.html
@@ -67,7 +67,7 @@
diff --git a/client/js/lounge.js b/client/js/lounge.js
index 6f04b777..80f2091e 100644
--- a/client/js/lounge.js
+++ b/client/js/lounge.js
@@ -129,6 +129,11 @@ $(function() {
feedback.hide();
});
}
+
+ if (data.token && window.localStorage.getItem("token") !== null) {
+ window.localStorage.setItem("token", data.token);
+ }
+
passwordForm
.find("input")
.val("")
@@ -163,8 +168,10 @@ $(function() {
}
}
- if (data.token) {
+ if (data.token && $("#sign-in-remember").is(":checked")) {
window.localStorage.setItem("token", data.token);
+ } else {
+ window.localStorage.removeItem("token");
}
$("body").removeClass("signed-out");
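Review bot: The new `else` branch removes the stored token whenever `#sign-in-remember` is not checked, and this handler presumably also runs when a session is resumed from a token already in localStorage, where the sign-in form was never submitted. Whether a remembered login survives a reload then depends on the checkbox's default state in client/index.html, whose hunk is empty on this page. Consider keeping an existing token the same way the change-password handler above does: `if (data.token && ($("#sign-in-remember").is(":checked") || window.localStorage.getItem("token") !== null)) {`. The enclosing handler starts and ends outside the hunk.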
diff --git a/src/client.js b/src/client.js
index 15d95554..bdf6c146 100644
--- a/src/client.js
+++ b/src/client.js
@@ -64,10 +64,15 @@ function Client(manager, name, config) {
sockets: manager.sockets,
manager: manager
});
+
var client = this;
- crypto.randomBytes(48, function(err, buf) {
- client.token = buf.toString("hex");
- });
+
+ if (!client.config.token) {
+ client.updateToken(function() {
+ client.manager.updateUser(client.name, {token: client.config.token});
+ });
+ }
+
if (config) {
var delay = 0;
(config.networks || []).forEach(function(n) {
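Review bot: `client.config.token` is dereferenced at `if (!client.config.token)` before the existing `if (config)` guard that follows it, so if `config` can be absent (as that guard suggests) the constructor would throw here. Confirm `client.config` is always an object at this point, or write `if (client.config && !client.config.token) {`. Token generation is asynchronous, so `client.config.token` stays unset until the `crypto.randomBytes` callback fires, and the `init` payload in src/server.js could emit it as `undefined` in that window. The token is persisted through `updateUser` as-is, so the user file now holds a reusable login credential beside the password hash; a comment noting that the file should be readable only by the server account would help. The constructor body continues outside the hunk.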
@@ -255,19 +260,36 @@ Client.prototype.connect = function(args) {
});
};
-Client.prototype.setPassword = function(hash) {
+Client.prototype.updateToken = function(callback) {
var client = this;
- client.manager.updateUser(client.name, {password: hash});
- // re-read the hash off disk to ensure we use whatever is saved. this will
- // prevent situations where the password failed to save properly and so
- // a restart of the server would forget the change and use the old
- // password again.
- var user = client.manager.readUserConfig(client.name);
- if (user.password === hash) {
- client.config.password = hash;
- return true;
- }
- return false;
+
+ crypto.randomBytes(48, function(err, buf) {
+ client.config.token = buf.toString("hex");
+ callback();
+ });
+};
+
+Client.prototype.setPassword = function(hash, callback) {
+ var client = this;
+
+ client.updateToken(function() {
+ client.manager.updateUser(client.name, {
+ token: client.config.token,
+ password: hash
+ });
+
+ // re-read the hash off disk to ensure we use whatever is saved. this will
+ // prevent situations where the password failed to save properly and so
+ // a restart of the server would forget the change and use the old
+ // password again.
+ var user = client.manager.readUserConfig(client.name);
+ if (user.password === hash) {
+ client.config.password = hash;
+ callback(true);
+ } else {
+ callback(false);
+ }
+ });
};
Client.prototype.input = function(data) {
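Review bot: `updateToken` ignores the `err` argument of `crypto.randomBytes`, so a failure surfaces as a TypeError on `buf.toString` inside the callback rather than as a handled error. Add `if (err) { throw err; }` as the first line of the callback, or pass the error to `callback` so `setPassword` can report failure. In `setPassword` the in-memory token is replaced before the re-read confirms the password was saved, so on `callback(false)` memory may hold a token the disk does not; a short comment saying this ordering is intended (the old token is rejected even when the save fails) would make it clear. `setPassword` also changed from a boolean return to a callback, so any caller still using the return value now receives `undefined`.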
diff --git a/src/command-line/reset.js b/src/command-line/reset.js
index d337c809..ab7b956c 100644
--- a/src/command-line/reset.js
+++ b/src/command-line/reset.js
@@ -23,6 +23,7 @@ program
return;
}
user.password = bcrypt.hashSync(password, bcrypt.genSaltSync(8));
+ user.token = null; // Will be regenerated when the user is loaded
fs.writeFileSync(
file,
JSON.stringify(user, null, " ")
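Review bot: Setting `user.token = null` only changes the file; a server process that already has this user loaded keeps the old value in `client.config.token` and, as far as this diff shows, continues to accept it until the user is loaded again. A reset is often done after a suspected compromise, so the comment should state when the invalidation takes effect, e.g. `// Invalidates the auth token; takes effect when the user is next loaded (restart a running server)`. Whether a running server re-reads user files is not visible here, so confirm that before settling on the wording.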
diff --git a/src/server.js b/src/server.js
index 77d8679f..a02a07b3 100644
--- a/src/server.js
+++ b/src/server.js
@@ -109,7 +109,7 @@ function index(req, res, next) {
});
}
-function init(socket, client, token) {
+function init(socket, client) {
if (!client) {
socket.emit("auth");
socket.on("auth", auth);
@@ -160,16 +160,21 @@ function init(socket, client, token) {
});
return;
}
+
var salt = bcrypt.genSaltSync(8);
var hash = bcrypt.hashSync(p1, salt);
- if (client.setPassword(hash)) {
- socket.emit("change-password", {
- success: "Successfully updated your password"
- });
- return;
- }
- socket.emit("change-password", {
- error: "Failed to update your password"
+
+ client.setPassword(hash, function(success) {
+ var obj = {};
+
+ if (success) {
+ obj.success = "Successfully updated your password, all your other sessions were logged out";
+ obj.token = client.config.token;
+ } else {
+ obj.error = "Failed to update your password";
+ }
+
+ socket.emit("change-password", obj);
});
}
);
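Review bot: The success message says all other sessions were logged out, but `setPassword` only rotates the token, and nothing visible in this handler disconnects sockets already attached to `client`. Sessions open at the time of the change therefore appear to stay connected. Either disconnect the other sockets after a successful change, or word the message to match what happens, for example `obj.success = "Successfully updated your password, saved logins on other devices must sign in again";`. The handler starts outside the hunk.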
@@ -196,12 +201,12 @@ function init(socket, client, token) {
socket.emit("init", {
active: client.activeChannel,
networks: client.networks,
- token: token || ""
+ token: client.config.token
});
}
}
-function reverseDnsLookup(socket, client, token) {
+function reverseDnsLookup(socket, client) {
client.ip = getClientIp(socket.request);
dns.reverse(client.ip, function(err, host) {
@@ -211,7 +216,7 @@ function reverseDnsLookup(socket, client, token) {
client.hostname = client.ip;
}
- init(socket, client, token);
+ init(socket, client);
});
}
@@ -233,7 +238,7 @@ function auth(data) {
var success = false;
_.each(manager.clients, function(client) {
if (data.token) {
- if (data.token === client.token) {
+ if (data.token === client.config.token) {
success = true;
}
} else if (client.config.user === data.user) {
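Review bot: `data.token === client.config.token` compares a client-supplied value against a long-lived secret with an ordinary string comparison, and without checking that `data.token` is a string. Consider rejecting non-string input, converting both values to Buffers, rejecting when the byte lengths differ, and then comparing with `crypto.timingSafeEqual(a, b)`; this needs `crypto` in scope in src/server.js, whose imports are not visible here. `client.config.token` can be `null` after a command-line reset or unset before generation completes, so that case has to be rejected before any length check. `auth` begins and ends outside the hunk.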
@@ -242,14 +247,10 @@ function auth(data) {
}
}
if (success) {
- var token;
- if (data.remember || data.token) {
- token = client.token;
- }
if (config.webirc !== null && !client.config["ip"]) {
- reverseDnsLookup(socket, client, token);
+ reverseDnsLookup(socket, client);
} else {
- init(socket, client, token);
+ init(socket, client);
}
return false;
}