diff --git a/src/utils/auth.rs b/src/utils/auth.rs index ad53421..0d115b8 100644 --- a/src/utils/auth.rs +++ b/src/utils/auth.rs @@ -534,15 +534,25 @@ pub async fn create_refresh_token( /*.map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, "Error mapping hotel_ids".to_string())); */ - let mut exist_stmt = conn.prepare("SELECT id FROM refresh_token WHERE device_id = ?1 AND user_agent = ?2" + let mut exist_stmt = conn.prepare( + "SELECT id FROM refresh_token + WHERE device_id = ?1 AND user_agent = ?2 AND user_id=?3" ) .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()))?; - let existing_token_id: i32 = match exist_stmt.query_one(params![device_id_str,user_agent_str], |row| row.get (0)) { - Ok(id) => id, - Err(_) => return Err((StatusCode::INTERNAL_SERVER_ERROR, "error fetching credentials".to_string())), + let existing_token_id: i32 = match exist_stmt.query_one( + params![device_id_str,user_agent_str, user_id], + |row| row.get (0) + ) { + Ok(id) => id, + Err(_) => return Err((StatusCode::INTERNAL_SERVER_ERROR, "error fetching credentials".to_string())), }; + match existing_token_id { + //placeholder functions and match arms + Some(id) => updateToken(id), + None(_) => createNewToken(), + }; conn.execute( "INSERT INTO refresh_token (user_id, token_hash, device_id, user_agent, hotel_id_list) 
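Review bot: `existing_token_id` is declared as `i32` but the added `match` treats it as an `Option` (`Some(id)` / `None(_)`), so this will not compile, and `None(_)` is not a valid pattern for a unit variant. A first login from a device has no matching row, and the `Err(_)` arm turns that into a 500 before the create path is reached. Assuming `conn` is a rusqlite connection, `.optional()` from `rusqlite::OptionalExtension` maps the no-row case to `Ok(None)`. The `conn.execute` INSERT after the match still runs unconditionally, so when a row already exists the previous refresh token presumably stays usable next to the new one. The INSERT belongs in the `None` path, and the `Some` path should replace the stored hash. `create_refresh_token` starts and ends outside this hunk.

```rust
// … unchanged: exist_stmt prepared with device_id, user_agent and user_id …
let existing_token_id: Option<i32> = exist_stmt
    .query_one(
        params![device_id_str, user_agent_str, user_id],
        |row| row.get(0),
    )
    // No matching row is the normal "first login on this device" case, not an error.
    .optional()
    .map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, "error fetching credentials".to_string()))?;

match existing_token_id {
    // placeholder functions kept from the commit
    Some(id) => updateToken(id),
    None => createNewToken(),
};
// … unchanged: conn.execute INSERT, to be moved into the None path …
```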
@@ -557,37 +567,6 @@ pub async fn create_refresh_token( ).map_err(|e| { (StatusCode::INTERNAL_SERVER_ERROR, format!("DB error: {}", e)) })?; - //TODO: insert single refresh token - /* - for user_row_result in user_rows { - let (user_id, stored_hash, hotel_id) = user_row_result - .map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, "DB row error".to_string()))?; - - if !verify_password(&payload.password, &stored_hash) { - continue; // Skip rows with invalid password - } - - /* - let mut bytes = [0u8; 64]; - OsRng.fill_bytes(&mut bytes); - let raw_token = Uuid::new_v4().to_string(); - - let hashed_token = argon2 - .hash_password(raw_token.as_bytes(), &salt) - .map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, e.to_string()))? - .to_string(); - */ - - conn.execute( - "INSERT INTO refresh_token (user_id, token_hash, device_id, user_agent, hotel_id) VALUES (?1, ?2, ?3, ?4, ?5)", - params![user_id, hashed_token, device_id_str, user_agent_str, hotel_id], - ) - .map_err(|_| (StatusCode::INTERNAL_SERVER_ERROR, "DB insert error".to_string()))?; - - //tokens.push(raw_token); - } - - */ //TODO: add a map/tupple of of the allowed hotels and their id+name, maybe update the token ?