diff --git a/web/lib/auth.js b/web/lib/auth.js
index f17551d28b6e0ffe250f6d069e8f939b2aa7518a..2164aa53137a3a4ecf70189922d305951831c9b5 100644
--- a/web/lib/auth.js
+++ b/web/lib/auth.js
@@ -48,6 +48,7 @@ function setCookie(usr, sessionKey) {
 
 function validateSession(cookies) {
 
+  var usr = new User(0);
 	for (var c in cookies) {
 
 		if (cookies[c].search(/^\d+,\w+$/) < 0) continue;
@@ -55,7 +56,7 @@ function validateSession(cookies) {
 		var cookie = cookies[c].split(',');
 
 		try {
-			var usr = new User(cookie[0]);
+			usr.number = cookie[0];
 			if (usr.number < 1) {
 				throw 'Invalid user number ' + cookie[0] + ' in cookie.';
 			}
@@ -70,17 +71,20 @@ function validateSession(cookies) {
 			continue;
 		}
 
-		authenticate(usr.alias, usr.security.password);
+		var _usr = authenticate(usr.alias, usr.security.password);
+    _usr = undefined;
 		setCookie(usr, session.key);
 		setSessionValue(usr.number, 'ip_address', client.ip_address);
 		break;
 
 	}
+  usr = undefined;
 
 }
 
 function destroySession(cookies) {
 
+  var usr = new User(0);
 	for (var c in cookies) {
 
 		if (cookies[c].search(/^\d+,\w+$/) < 0)	continue;
@@ -89,7 +93,7 @@ function destroySession(cookies) {
 
 		try {
 
-			var usr = new User(cookie[0]);
+			usr.number = cookie[0];
 			if(usr.number < 1) {
 				throw 'Invalid user number ' + cookie[0] + ' in cookie.';
 			}
@@ -123,6 +127,7 @@ function destroySession(cookies) {
 		}
 
 	}
+  usr = undefined;
 
 }
 
@@ -174,6 +179,7 @@ if (user.number === 0) {
 	if (gn > 0) {
 		var gu = new User(gn);
 		login(gu.alias, gu.security.password);
+    gu = undefined;
 	} else {
 		// Otherwise just kill the script, for security's sake
 		exit();
diff --git a/web/pages/.examples/More/001-userlist.xjs b/web/pages/.examples/More/001-userlist.xjs
index fca38c012ed6d35d239200e66279ddb2eb8e33f9..bf63f03c7a98ac4a92aa935baa048d053e98ef6f 100644
--- a/web/pages/.examples/More/001-userlist.xjs
+++ b/web/pages/.examples/More/001-userlist.xjs
@@ -152,6 +152,7 @@
 			}
 			users.push(copyProperties(usr, {}));
 		}
+    usr = undefined;
 		users.sort(sortUsers);
 		return users.slice(offset, offset + pageSize);
 	}
diff --git a/web/root/api/system.ssjs b/web/root/api/system.ssjs
index 2ebcc4688f75b3eaf2c1ba70f934dc9b79732713..34a888720eed8c4d549a21e324220b497dbacdf9 100644
--- a/web/root/api/system.ssjs
+++ b/web/root/api/system.ssjs
@@ -19,7 +19,7 @@ if ((http_request.method === 'GET' || http_request.method === 'POST') &&
 	switch (http_request.query.call[0]) {
 
 		case 'node-list':
-      var usr = new User(1);
+      var usr = new User(0);
 			reply = system.node_list.map(function (node) {
         usr.number = node.useron;
 				return ({
@@ -42,6 +42,7 @@ if ((http_request.method === 'GET' || http_request.method === 'POST') &&
 					user : usr.alias
 				});
 			}
+      usr = undefined;
 			break;
 
 		case 'send-telegram':