diff --git a/monkey/monkey_island/cc/app.py b/monkey/monkey_island/cc/app.py
index ea81c0903..6647d4b10 100644
--- a/monkey/monkey_island/cc/app.py
+++ b/monkey/monkey_island/cc/app.py
@@ -73,9 +73,9 @@ def init_app_config(app, mongo_url):
     app.config['MONGO_URI'] = mongo_url
     # See https://flask-jwt-extended.readthedocs.io/en/stable/options
-    app.config['JWT_TOKEN_LOCATION'] = ['headers']
     app.config['JWT_ACCESS_TOKEN_EXPIRES'] = env_singleton.env.get_auth_expiration_time()
-    # Invalidate the signature of JWTs between server resets.
+    # Invalidate the signature of JWTs if the server process restarts. This avoids the edge case of getting a JWT,
+    # deciding to reset credentials and then still logging in with the old JWT.
     app.config['JWT_SECRET_KEY'] = str(uuid.uuid4())
diff --git a/monkey/monkey_island/cc/resources/auth/auth.py b/monkey/monkey_island/cc/resources/auth/auth.py
index 86d0f6924..71611221c 100644
--- a/monkey/monkey_island/cc/resources/auth/auth.py
+++ b/monkey/monkey_island/cc/resources/auth/auth.py
@@ -47,7 +47,7 @@ class Authenticate(flask_restful.Resource):
         # If the user and password have been previously registered
         if self._authenticate(username, secret):
             access_token = flask_jwt_extended.create_access_token(identity=user_store.UserStore.username_table[username].id)
-            logger.debug(f"Created access token for user {username}: {access_token}")
+            logger.debug(f"Created access token for user {username} that begins with {access_token[:4]}")
             return make_response({"access_token": access_token, "error": ""}, 200)
         else:
             return make_response({"error": "Invalid credentials"}, 401)
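Review bot: The rewritten comment above `app.config['JWT_SECRET_KEY']` explains why the key changes on restart but leaves out the assumption that makes it work: the key exists only in this process, so every request that verifies a token must reach the same process, and a multi-worker deployment of the Island would reject tokens minted by a sibling worker. I would add `# NOTE: the key is per-process; token verification must happen in the process that issued it (single-worker deployment).` right above that line. Because the value is a signing key rather than an identifier, `secrets.token_urlsafe(32)` states the intent more directly than `str(uuid.uuid4())` (both draw from os.urandom), though it needs an `import secrets` outside this hunk. Dropping `JWT_TOKEN_LOCATION` leaves the flask-jwt-extended default in effect, which is headers-only in the releases I know; a one-line comment saying the default is relied on would stop the next reader from treating the removal as accidental.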
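Review bot: The new `logger.debug` line logs `access_token[:4]`, but the first characters of a JWT are the base64 encoding of the fixed `{"alg"`/`{"typ"` header, so the prefix is the same for practically every token and gives the log reader nothing to correlate with. If the goal is to trace a specific token without writing it to disk, log a truncated one-way digest instead, e.g. `hashlib.sha256(access_token.encode()).hexdigest()[:8]`, which needs an `import hashlib` outside this hunk; if correlation is not needed, dropping the token from the message entirely is simpler and safer. Either way the message should say what it prints, e.g. `"Created access token for user {username} (fingerprint {fp})"`. The enclosing method starts outside the hunk.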