diff --git a/adminer/include/auth.inc.php b/adminer/include/auth.inc.php
index 9a5f5cdd..69f875a7 100644
--- a/adminer/include/auth.inc.php
+++ b/adminer/include/auth.inc.php
@@ -146,6 +146,9 @@ function auth_error(string $error, array &$permanent) {
 	}
 	$params = session_get_cookie_params();
 	cookie("adminer_key", ($_COOKIE["adminer_key"] ?: rand_string()), $params["lifetime"]);
+	if (!$_SESSION["token"]) {
+		$_SESSION["token"] = rand(1, 1e6); // this is for next attempt
+	}
 	page_header(lang('Login'), $error, null);
 	echo "<form action='' method='post'>\n";
 	echo "<div>";
@@ -187,11 +190,9 @@ if (isset($_GET["username"]) && is_string(get_password())) {
 
 $login = null;
 if (!is_object($connection) || ($login = adminer()->login($_GET["username"], get_password())) !== true) {
-	$error = (is_string($connection) ? nl_br(h($connection)) : (is_string($login) ? $login : lang('Invalid credentials.')));
-	auth_error(
-		$error . (preg_match('~^ | $~', get_password()) ? '<br>' . lang('There is a space in the input password which might be the cause.') : ''),
-		$permanent
-	);
+	$error = (is_string($connection) ? nl_br(h($connection)) : (is_string($login) ? $login : lang('Invalid credentials.')))
+		. (preg_match('~^ | $~', get_password()) ? '<br>' . lang('There is a space in the input password which might be the cause.') : '');
+	auth_error($error, $permanent);
 }
 
 if ($_POST["logout"] && $_SESSION["token"] && !verify_token()) {