outdated tokens are deleted before checking against cookies
if an invalid token is used we delete all stored tokens for saveness
used token will be replaced by a new one after successful authentication