diff --git a/client/components/Api/Api.vue b/client/components/Api/Api.vue
index 020600f..b8d8854 100644
--- a/client/components/Api/Api.vue
+++ b/client/components/Api/Api.vue
@@ -109,10 +109,6 @@ class Api {
         }
     }
 
-    get config() {
-        return this.$store.state.config;
-    }
-
     get settings() {
         return this.$store.state.settings;
     }
diff --git a/client/components/Search/Search.vue b/client/components/Search/Search.vue
index d12cdcf..4292d95 100644
--- a/client/components/Search/Search.vue
+++ b/client/components/Search/Search.vue
@@ -435,6 +435,8 @@ class Search {
 
     mounted() {
         (async() => {
+            await this.api.updateConfig();
+
             //для встраивания в liberama
             window.addEventListener('message', (event) => {
                 if (!_.isObject(event.data) || event.data.from != 'ExternalLibs')
diff --git a/server/controllers/WebSocketController.js b/server/controllers/WebSocketController.js
index 6f88cf0..eea3c01 100644
--- a/server/controllers/WebSocketController.js
+++ b/server/controllers/WebSocketController.js
@@ -68,7 +68,7 @@ class WebSocketController {
             this.send({_rok: 1}, req, ws);
 
             //access
-            if (!this.webAccess.hasAccess(req.accessToken)) {
+            if (!await this.webAccess.hasAccess(req.accessToken)) {
                 await utils.sleep(500);
                 const salt = this.webAccess.newToken();
                 this.send({error: 'need_access_token', salt}, req, ws);
diff --git a/server/core/WebAccess.js b/server/core/WebAccess.js
index 6c05b37..a272cb7 100644
--- a/server/core/WebAccess.js
+++ b/server/core/WebAccess.js
@@ -47,28 +47,22 @@ class WebAccess {
             }
         }
 
-        //проверим, можно ли загружать токены из таблицы access
+        await db.create({table: 'access', quietIfExists: true});
+        //проверим, нужно ли обнулить таблицу access
         const pass = utils.getBufHash(this.config.accessPassword, 'sha256', 'hex');
         await db.create({table: 'config', quietIfExists: true});
         let rows = await db.select({table: 'config', where: `@@id('pass')`});
 
-        let loadMap = false;
-        if (rows.length && rows[0].value === pass) {
-            //пароль не сменился в конфиге, можно загружать токены
-            loadMap = true;
-        } else {
+        if (!rows.length || rows[0].value !== pass) {
+            //пароль сменился в конфиге, обнуляем токены
+            await db.truncate({table: 'access'});
             await db.insert({table: 'config', replace: true, rows: [{id: 'pass', value: pass}]});
         }
 
-        await db.create({table: 'access', quietIfExists: true});
-
-        if (loadMap) {
-            //загрузим токены сессий
-            rows = await db.select({table: 'access'});
-
-            for (const row of rows)
-                this.accessMap.set(row.id, row.value);
-        }
+        //загрузим токены сессий
+        rows = await db.select({table: 'access'});
+        for (const row of rows)
+            this.accessMap.set(row.id, row.value);
 
         this.db = db;
     }
@@ -99,7 +93,7 @@ class WebAccess {
         }
     }
 
-    hasAccess(accessToken) {
+    async hasAccess(accessToken) {
         if (this.freeAccess)
             return true;
 
@@ -111,6 +105,8 @@ class WebAccess {
                 accessRec.used++;
                 accessRec.time = now;
                 accessRec.saved = false;
+                if (accessRec.used === 1)
+                    await this.saveAccess(accessToken);
                 return true;
             }
         }