diff --git a/letsencrypt.js b/letsencrypt.js
index 68cf4bf4..13e58421 100644
--- a/letsencrypt.js
+++ b/letsencrypt.js
@@ -91,7 +91,7 @@ module.exports.CreateLetsEncrypt = function (parent) {
             // Decode the certificate common and alt names
             obj.certNames = [cert.subject.getField('CN').value];
             var altNames = cert.getExtension('subjectAltName');
-            if (altNames) { for (i = 0; i < altNames.altNames.length; i++) { var acn = altNames.altNames[i].value.toLowerCase(); if (obj.certNames.indexOf(acn) == -1) { obj.certNames.push(acn); } } }
+            if (altNames) { for (var i = 0; i < altNames.altNames.length; i++) { var acn = altNames.altNames[i].value.toLowerCase(); if (obj.certNames.indexOf(acn) == -1) { obj.certNames.push(acn); } } }
 
             // Decode the certificate expire time
             obj.certExpire = cert.validity.notAfter;
diff --git a/meshcentral.js b/meshcentral.js
index 2299773b..c008a3fc 100644
--- a/meshcentral.js
+++ b/meshcentral.js
@@ -1958,7 +1958,7 @@ function CreateMeshCentralServer(config, args) {
         for (var i in ids) { var id = ids[i]; if (!obj.eventsDispatch[id]) { obj.eventsDispatch[id] = [target]; } else { obj.eventsDispatch[id].push(target); } }
     };
     obj.RemoveEventDispatch = function (ids, target) {
-        obj.debug('dispatch', 'RemoveEventDispatch', id);
+        obj.debug('dispatch', 'RemoveEventDispatch', ids);
         for (var i in ids) { var id = ids[i]; if (obj.eventsDispatch[id]) { var j = obj.eventsDispatch[id].indexOf(target); if (j >= 0) { if (obj.eventsDispatch[id].length == 1) { delete obj.eventsDispatch[id]; } else { obj.eventsDispatch[id].splice(j, 1); } } } }
     };
     obj.RemoveEventDispatchId = function (id) {
diff --git a/webserver.js b/webserver.js
index 7aecfe76..836ffe13 100644
--- a/webserver.js
+++ b/webserver.js
@@ -6287,6 +6287,8 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
                 // A user/pass is provided in URL arguments
                 obj.authenticate(req.query.user, req.query.pass, domain, function (err, userid, passhint, loginOptions) {
 
+                    var user = obj.users[userid];
+
                     // Check if user as the "notools" site right. If so, deny this connection as tools are not allowed to connect.
                     if ((user != null) && (user.siteadmin != 0xFFFFFFFF) && (user.siteadmin & SITERIGHT_NOMESHCMD)) {
                         // No tools allowed, close the websocket connection
@@ -6299,7 +6301,6 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
                     var twoFactorCookieDays = 30;
                     if (typeof domain.twofactorcookiedurationdays == 'number') { twoFactorCookieDays = domain.twofactorcookiedurationdays; }
 
-                    var user = obj.users[userid];
                     if ((err == null) && (user)) {
                         // Check if a 2nd factor is needed
                         if (checkUserOneTimePasswordRequired(domain, user, req, loginOptions) == true) {