diff --git a/tokenauth.module b/tokenauth.module
index 46163a2..7b8b33f 100644
--- a/tokenauth.module
+++ b/tokenauth.module
@@ -83,10 +83,13 @@ function tokenauth_init() {
   global $user;
   // Process any provided token and log in user
   $key = tokenauth_get_token_key();
-  if (user_is_anonymous() && isset($_REQUEST[$key]) && tokenauth_allowed_pages($_GET['q'])) {
+  if (isset($_REQUEST[$key]) && tokenauth_allowed_pages($_GET['q'])) {
     if ($uid = tokenauth_get_user($_REQUEST[$key])) {
       $account = user_load($uid);
       if (user_access('access tokenauth', $account)) {
+        if (!user_is_anonymous()) {
+          $_SESSION['tokenauth_auth_user'] = $user;
+        }
         $user = $account;
         // Store the fact that this user authenticated via token. Needed for logout.
         $_SESSION['tokenauth_auth'] = TRUE;
@@ -115,10 +118,15 @@ function tokenauth_init() {
 function tokenauth_exit() {
   global $user;
   if (tokenauth_is_token_authenticated()) {
-    // Destroy the current session:
-    session_destroy();
-    // Load the anonymous user
-    $user = drupal_anonymous_user();
+    if (!empty($_SESSION['tokenauth_auth_user'])) {
+      $user = $_SESSION['tokenauth_auth_user'];
+    }
+    else {
+      // Destroy the current session:
+      session_destroy();
+      // Load the anonymous user
+      $user = drupal_anonymous_user();
+    }
   }
 }
 
