diff --git a/admin/schema.php b/admin/schema.php
index 3d0fac7..17b892a 100644
--- a/admin/schema.php
+++ b/admin/schema.php
@@ -347,4 +347,6 @@ $upgrade[] = Array('CreateTableSQL', Array( config_get( 'mantis_bug_tag_table' )
 	user_id			I	UNSIGNED NOTNULL DEFAULT '0',
 	date_attached	T	NOTNULL DEFAULT '1970-01-01 00:00:01'
 	", Array( 'mysql' => 'TYPE=MyISAM', 'pgsql' => 'WITHOUT OIDS' ) ) );
+
+$upgrade[] = Array('CreateIndexSQL', Array( 'idx_typeowner', config_get( 'mantis_tokens_table' ), 'type, owner' ) );
 ?>
diff --git a/core.php b/core.php
index 54be105..6d42a99 100644
--- a/core.php
+++ b/core.php
@@ -92,7 +92,6 @@
 	# load utility functions used by everything else
 	require_once( $t_core_path.'utility_api.php' );
 	require_once( $t_core_path.'compress_api.php' );
-	require_once( $t_core_path.'tokens_api.php' );
 
 	# Load internationalization functions (needed before database_api, in case database connection fails)
 	require_once( $t_core_path.'lang_api.php' );
@@ -152,4 +151,4 @@
 	if ( !isset( $g_bypass_headers ) && !headers_sent() ) {
 		header( 'Content-type: text/html;charset=' . lang_get( 'charset' ) );
 	}
-?>
\ No newline at end of file
+?>
diff --git a/core/constant_inc.php b/core/constant_inc.php
index 7f0e0d3..56ddc8c 100644
--- a/core/constant_inc.php
+++ b/core/constant_inc.php
@@ -307,6 +307,9 @@
 	define( 'ERROR_TAG_NOT_ATTACHED', 2203 );
 	define( 'ERROR_TAG_ALREADY_ATTACHED', 2204 );
 
+	# ERROR_TOKEN_*
+	define( 'ERROR_TOKEN_NOT_FOUND', 2300 );
+
 	# Status Legend Position
 	define( 'STATUS_LEGEND_POSITION_TOP',		1);
 	define( 'STATUS_LEGEND_POSITION_BOTTOM',	2);
@@ -358,6 +361,9 @@
 	define( 'TOKEN_FILTER',			1 );
 	define( 'TOKEN_GRAPH',			2 );
 	define( 'TOKEN_LAST_VISITED',	3 );
+	define( 'TOKEN_USER',			1000 );
+
+	define( 'TOKEN_EXPIRY', 		60*60 ); # Default expiration of 60 minutes ( 3600 seconds )
 
 	# config types
 	define( 'CONFIG_TYPE_INT', 1 );
diff --git a/core/current_user_api.php b/core/current_user_api.php
index 8254dee..d38a81c 100644
--- a/core/current_user_api.php
+++ b/core/current_user_api.php
@@ -113,7 +113,7 @@
 
 		if ( !is_blank( $f_filter_string ) ) {
 			if( is_numeric( $f_filter_string ) ) {
-				$t_filter = unserialize( token_get_value( $f_filter_string ) );
+				$t_filter = unserialize( token_get_value( TOKEN_FILTER ) );
 			} else {
 				$t_filter = unserialize( $f_filter_string );
 			}
diff --git a/core/last_visited_api.php b/core/last_visited_api.php
index 212a11c..c6b53b3 100644
--- a/core/last_visited_api.php
+++ b/core/last_visited_api.php
@@ -28,7 +28,7 @@
 
 		$c_issue_id = db_prepare_int( $p_issue_id );
 
-		$t_value = token_get_value_by_type( TOKEN_LAST_VISITED, $p_user_id );
+		$t_value = token_get_value( TOKEN_LAST_VISITED, $p_user_id );
 		if ( is_null( $t_value ) ) {
 			$t_value = $c_issue_id;
 		} else {
@@ -38,14 +38,14 @@
 			$t_value = implode( ',', $t_ids );
 		}
 		
-		token_set_value_by_type( $t_value, TOKEN_LAST_VISITED, $p_user_id );
+		token_set( TOKEN_LAST_VISITED, $t_value, $p_user_id );
 	}
 	
 	#---------------------------------
 	# Get an array of the last visited bug ids.  We intentionally don't check if the ids still exists to avoid performance
 	# degradation.
 	function last_visited_get_array( $p_user_id = null ) {
-		$t_value = token_get_value_by_type( TOKEN_LAST_VISITED, $p_user_id );
+		$t_value = token_get_value( TOKEN_LAST_VISITED, $p_user_id );
 
 		if ( is_null( $t_value ) ) {
 			return array();
diff --git a/core/tokens_api.php b/core/tokens_api.php
index 4d649eb..aa7340f 100644
--- a/core/tokens_api.php
+++ b/core/tokens_api.php
@@ -1,7 +1,7 @@
 <?php
 	# Mantis - a php based bugtracking system
 	# Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-	# Copyright (C) 2002 - 2004  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+	# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 	# This program is distributed under the terms and conditions of the GPL
 	# See the README and LICENSE files for details
 
@@ -9,87 +9,132 @@
 	# $Id: tokens_api.php,v 1.5 2006/08/12 08:04:13 vboctor Exp $
 	# --------------------------------------------------------
 
-	### TOKENS API ###
-
 	# This implements temporary storage of strings.
 	# DB schema: id, type, owner, timestamp, value
 
-	# TODO
-	# 1. add constant for user token types TOKEN_USER. users can define token_my_type = token_user, token_other = token_user + 1 etc
-	#    TOKEN_USER = 1000
-	# 2. Implement Token_touch
-	# 3. Test token_ensure_owner
-	# 4. Add index on type + owner to DB
-	# 5. remove 'timestamp' from dbschema?
-	# 6. Replace generic errors
-	# 7. add an 'expiry' param to token_add
-	# 8. rework ts_purge_expired not to be called on every get. Maybe call it if token is found to be expired.
-	# 9. return 'default param' from token_add is token not found
-
-	# --------------------
-	function token_ensure_owner( $p_token_id, $p_user_id = null ) {
-		$c_token_id = db_prepare_int( $p_token_id );
+	/**
+	 * Check if a token exists.
+	 * @param integer Token ID
+	 * @return boolean True if token exists
+	 */
+	function token_exists( $p_token_id ) {
+		$c_token_id   	= db_prepare_int( $p_token_id );
 		$t_tokens_table	= config_get( 'mantis_tokens_table' );
 
-		if( $p_user_id == null ) {
-			$c_user_id = auth_get_current_user_id();
-		} else {
-			$c_user_id = db_prepare_int( $p_user_id );
-		}
+		$query 	= "SELECT id
+		          	FROM $t_tokens_table
+		          	WHERE id='$c_token_id'";
+		$result	= db_query( $query, 1 );
 
-		$query = "SELECT owner
-				          	FROM $t_tokens_table
-				          	WHERE id='$c_token_id'";
-		$result = db_query( $query );
+		return( 1 == db_num_rows( $result ) );
+	}
 
-		if( db_result( $result ) != $c_user_id ) {
-			trigger_error( ERROR_GENERIC, ERROR );
+	/**
+	 * Make sure a token exists.
+	 * @param integer Token ID
+	 * @return boolean True if token exists
+	 */
+	function token_ensure_exists( $p_token_id ) {
+		if ( !token_exists( $p_token_id ) ) {
+			trigger_error( ERROR_TOKEN_NOT_FOUND, ERROR );
 		}
 
 		return true;
 	}
 
-	# --------------------
-	function token_touch( $p_token_id, $p_expiry_delay ) {
-	}
+	# High-level CRUD Usage
 
-	# --------------------
-	function token_delete_by_owner( $p_user_id = null ) {
-		if( $p_user_id == null ) {
-			$c_user_id = auth_get_current_user_id();
+	/**
+	 * Get a token's information
+	 * @param integer Token type
+	 * @param integer User ID
+	 * @return array Token row
+	 */
+	function token_get( $p_type, $p_user_id = null ) {
+		token_purge_expired_once();
+
+		$c_type = db_prepare_int( $p_type );
+		$c_user_id = db_prepare_int( $p_user_id == null ? auth_get_current_user_id() : $p_user_id );
+
+		$t_tokens_table = config_get( 'mantis_tokens_table' );
+
+		$query = "SELECT * FROM $t_tokens_table 
+					WHERE type='$c_type' AND owner='$c_user_id'";
+		$result = db_query( $query );
+
+		if ( db_num_rows( $result ) > 0 ) {
+			return db_fetch_array( $result );
 		} else {
-			$c_user_id = db_prepare_int( $p_user_id );
+			return null;
 		}
+	}
 
-		$t_tokens_table	= config_get( 'mantis_tokens_table' );
+	function token_get_value( $p_type, $p_user_id = null ) {
+		$t_token = token_get( $p_type, $p_user_id );
+		return $t_token['value'];
+	}
 
-		# Remove
-		$query = "DELETE FROM $t_tokens_table
-		          	WHERE owner='$c_user_id'";
+	/**
+	 * Create or update a token's value and expiration
+	 * @param integer Token type
+	 * @param string Token value
+	 * @param integer Token expiration in seconds
+	 * @param integer User ID
+	 * @return integer Token ID
+	 */
+	function token_set( $p_type, $p_value, $p_expiry = TOKEN_EXPIRY, $p_user_id = null ) {
+		$t_token = token_get( $p_type, $p_user_id );
+		if ( $t_token == null ) {
+			return token_create( $p_type, $p_value, $p_expiry, $p_user_id );
+		} else { 
+			token_update( $t_token['id'], $p_value, $p_expiry );
+			return $t_token['id'];
+		}
+	}
+
+	/**
+	 * Touch a token to update its expiration time.
+	 * @param integer Token ID
+	 * @param integer Token expiration in seconds
+	 */
+	function token_touch( $p_token_id, $p_expiry = TOKEN_EXPIRY ) {
+		token_ensure_exists( $p_token_id );
+
+		$c_token_id = db_prepare_int( $p_token_id );
+		$c_token_expiry = db_timestamp( db_date(time() + $p_expiry) );
+		$t_tokens_table = config_get( 'mantis_tokens_table' );
+
+		$query = "UPDATE $t_tokens_table SET expiry=$c_token_expiry
+					WHERE id='$c_token_id'";
 		db_query( $query );
 
 		return true;
 	}
 
-	# --------------------
-	function token_delete_by_type( $p_token_type ) {
-		$c_token_type = db_prepare_int( $p_token_type );
+	/**
+	 * Delete a token.
+	 * @param integer Token type
+	 * @param integer User ID
+	 */
+	function token_delete( $p_type, $p_user_id = null ) {
+		$c_type = db_prepare_int( $p_type );
+		$c_user_id = db_prepare_int( $p_user_id == null ? auth_get_current_user_id() : $p_user_id );
 
-		$t_tokens_table	= config_get( 'mantis_tokens_table' );
+		$t_tokens_table = config_get( 'mantis_tokens_table' );
 
-		# Remove
-		$query = "DELETE FROM $t_tokens_table
-		          	WHERE type='$c_token_type'";
-		db_query( $query );
+		$query = "DELETE FROM $t_tokens_table 
+					WHERE type='$c_type' AND owner='$c_user_id'";
+		db_query( $result );
 
 		return true;
 	}
 
-	# --------------------
-	function token_delete_by_type_owner( $p_token_type, $p_user_id ) {
-		$c_token_type = db_prepare_int( $p_token_type );
-
-		if ( $p_user_id == null ) {
+	/**
+	 * Delete all tokens owned by a specified user.
+	 * @param integer User ID
+	 */
+	function token_delete_by_owner( $p_user_id = null ) {
+		if( $p_user_id == null ) {
 			$c_user_id = auth_get_current_user_id();
 		} else {
 			$c_user_id = db_prepare_int( $p_user_id );
@@ -99,123 +144,81 @@
 
 		# Remove
 		$query = "DELETE FROM $t_tokens_table
-		          	WHERE type='$c_token_type' and owner='$c_user_id'";
+		          	WHERE owner='$c_user_id'";
 		db_query( $query );
 
 		return true;
 	}
 
-	# --------------------
-	function token_exists( $p_token_id ) {
-		$c_token_id   	= db_prepare_int( $p_token_id );
-		$t_tokens_table	= config_get( 'mantis_tokens_table' );
+	# Low-level CRUD, not for general use
+
+	/**
+	 * Create a token.
+	 * @param integer Token type
+	 * @param string Token value
+	 * @param integer Token expiration in seconds
+	 * @param integer User ID
+	 * @return integer Token ID
+	 */
+	function token_create( $p_type, $p_value, $p_expiry = TOKEN_EXPIRY, $p_user_id = null ) {
+		$c_type = db_prepare_int( $p_type );
+		$c_value = db_prepare_string( $p_value );
+		$c_timestamp = db_now();
+		$c_expiry = db_timestamp( db_date(time() + $p_expiry) );
+		$c_user_id = db_prepare_int( $p_user_id == null ? auth_get_current_user_id() : $p_user_id );
+
+		$t_tokens_table = config_get( 'mantis_tokens_table' );
 
-		$query 	= "SELECT id
-		          	FROM $t_tokens_table
-		          	WHERE id='$c_token_id'";
-		$result	= db_query( $query, 1 );
-
-		return( 1 == db_num_rows( $result ) );
-	}
-
-	# --------------------
-	function token_ensure_exists( $p_token_id ) {
-		if ( !token_exists( $p_token_id ) ) {
-			trigger_error( ERROR_GENERIC, ERROR );
-		}
-
-		return true;
-	}
-
-	# --------------------
-	function token_add( $p_token_value, $p_token_type = TOKEN_UNKNOWN, $p_user_id = null ) {
-		$c_token_type = db_prepare_int( $p_token_type );
-		$c_token_value = db_prepare_string ( $p_token_value );
-
-		if ( $p_user_id == null ) {
-			$c_user_id = auth_get_current_user_id();
-		} else {
-			$c_user_id = db_prepare_int( $p_user_id );
-		}
-
-		$t_tokens_table	= config_get( 'mantis_tokens_table' );
-		# insert
 		$query = "INSERT INTO $t_tokens_table
-		          		( type, owner, timestamp, value )
-		          	 VALUES
-		          		( $c_token_type, $c_user_id, " . db_now(). ",'$c_token_value' )";
+					( type, value, timestamp, expiry, owner )
+					VALUES ( '$c_type', '$c_value', $c_timestamp, $c_expiry, '$c_user_id' )";
 		db_query( $query );
 		return db_insert_id( $t_tokens_table );
 	}
-	# --------------------
-	function token_set_value_by_type( $p_token_value, $p_token_type, $p_user_id = null ) {
-		token_delete_by_type_owner( $p_token_type, $p_user_id );
-		token_add( $p_token_value, $p_token_type, $p_user_id );
-	}
-	# --------------------
-	# This method does not generate an error if the token does not exist,
-	# e.g. if we try to delete an expired token
-	function token_delete( $p_token_id ) {
-		$c_token_id = db_prepare_int( $p_token_id );
 
-		$t_tokens_table	= config_get( 'mantis_tokens_table' );
-		# Remove
-		$query = "DELETE FROM $t_tokens_table
-		          	WHERE id='$c_token_id'";
-		db_query( $query, 1 );
-		return true;
-	}
-	# --------------------
-	function token_get_value( $p_token_id, $p_user_id = null ) {
+	/**
+	 * Update a token
+	 * @param integer Token ID
+	 * @param string Token value
+	 * @param integer Token expiration in seconds
+	 */
+	function token_update( $p_token_id, $p_value, $p_expiry = TOKEN_EXPIRY ) {
+		token_ensure_exists( $p_token_id );
 		$c_token_id = db_prepare_int( $p_token_id );
-
-		if ( $p_user_id == null ) {
-			$c_user_id = auth_get_current_user_id();
-		} else {
-			$c_user_id = db_prepare_int( $p_user_id );
-		}
-
-		$t_tokens_table	= config_get( 'mantis_tokens_table' );
-
-		token_purge_expired();
-
-		$query = "SELECT value
-		          	FROM $t_tokens_table
-		          	WHERE id='$c_token_id' AND owner='$c_user_id'";
-		$result = db_query( $query );
+		$c_value = db_prepare_string( $p_value );
+		$c_expiry = db_timestamp( db_date(time() + $p_expiry) );
 		
-		if ( 0 == db_num_rows( $result ) ) {
-			return null;
-		}
+		$t_tokens_table = config_get( 'mantis_tokens_table' );
+
+		$query = "UPDATE $t_tokens_table 
+					SET value='$c_value', expiry=$c_expiry";
+		db_query( $query );
 
-		return db_result( $result );
+		return true;
 	}
-	# --------------------
-	function token_get_value_by_type( $p_token_type, $p_user_id = null ) {
-		$c_token_type = db_prepare_int( $p_token_type );
 
-		if ( $p_user_id == null ) {
-			$c_user_id = auth_get_current_user_id();
-		} else {
-			$c_user_id = db_prepare_int( $p_user_id );
-		}
+	/**
+	 * Delete all tokens of a specified type.
+	 * @param integer Token Type
+	 */
+	function token_delete_by_type( $p_token_type ) {
+		$c_token_type = db_prepare_int( $p_token_type );
 
 		$t_tokens_table	= config_get( 'mantis_tokens_table' );
 
-		$query = "SELECT value
-					FROM $t_tokens_table
-					WHERE owner='$c_user_id' AND type='$c_token_type'";
-
-		$result = db_query( $query, 1 );
-		
-		if ( 0 == db_num_rows( $result ) ) {
-			return null;
-		}
+		# Remove
+		$query = "DELETE FROM $t_tokens_table
+		          	WHERE type='$c_token_type'";
+		db_query( $query );
 
-		return db_result( $result );
+		return true;
 	}
-	# --------------------
-	function token_purge_expired( $p_token_type = NULL ) {
+
+	/**
+	 * Purge all expired tokens.
+	 * @param integer Token type
+	 */
+	function token_purge_expired( $p_token_type = null ) {
 		$t_tokens_table	= config_get( 'mantis_tokens_table' );
 		# Remove
 		$query = "DELETE FROM $t_tokens_table WHERE ";
@@ -223,8 +226,25 @@
 			$c_token_type = db_prepare_int( $p_token_type );
 			$query .= " type='$c_token_type' AND ";
 		}
-		$query .= db_helper_compare_days( db_now(), 'timestamp', ">= '1'" );
+		$query .= db_now() . " > expiry ";
 		db_query( $query );
+		
+		global $t_tokens_purged;
+		$t_tokens_purged = true;
 		return true;
 	}
-?>
+
+	/**
+	 * Purge all expired tokens only once per session.
+	 * @param integer Token type
+	 */
+	function token_purge_expired_once( $p_token_type = null ) {
+		global $t_tokens_purged;
+		if ( ! $t_tokens_purged ) {
+			token_purge_expired();
+		}
+	}
+
+	# Set up global for token_purge_expired_once()
+	global $t_tokens_purged;
+	$t_tokens_purged = false;
diff --git a/lang/strings_english.txt b/lang/strings_english.txt
index 7a3cdec..0b847a5 100644
--- a/lang/strings_english.txt
+++ b/lang/strings_english.txt
@@ -281,6 +281,7 @@ $MANTIS_ERROR[ERROR_TAG_DUPLICATE] = 'A tag already exists with that name.';
 $MANTIS_ERROR[ERROR_TAG_NAME_INVALID] = 'That tag name is invalid.';
 $MANTIS_ERROR[ERROR_TAG_NOT_ATTACHED] = 'That tag is not attached to that bug.';
 $MANTIS_ERROR[ERROR_TAG_ALREADY_ATTACHED] = 'That tag already attached to that bug.';
+$MANTIS_ERROR[ERROR_TOKEN_NOT_FOUND] = 'Token could not be found.';
 
 $s_login_error = 'Your account may be disabled or blocked or the username/password you entered is incorrect.';
 $s_login_cookies_disabled = 'Your browser either doesn\'t know how to handle cookies, or refuses to handle them.';
diff --git a/summary_graph_bycategory.php b/summary_graph_bycategory.php
index a2dc2c7..2d342d8 100644
--- a/summary_graph_bycategory.php
+++ b/summary_graph_bycategory.php
@@ -21,11 +21,8 @@
 	$f_width = gpc_get_int( 'width', 300 );
 	$t_ar = config_get( 'graph_bar_aspect' );
 
-	$f_token = gpc_get_int( 'token', 0 );
-	if ( 0 == $f_token ) {
-		$t_metrics = create_category_summary();
-	} else {
-		$t_metrics = unserialize( token_get_value( $f_token ) );
-	}
+	$t_token = token_get_value( TOKEN_GRAPH );
+	$t_metrics = $t_token != null ? unserialize( $t_token ) : create_category_summary();
+
 	graph_bar( $t_metrics, lang_get( 'by_category' ), $f_width, $f_width * $t_ar );
 ?>
diff --git a/summary_graph_bycategory_pct.php b/summary_graph_bycategory_pct.php
index 646fb66..6b5a857 100644
--- a/summary_graph_bycategory_pct.php
+++ b/summary_graph_bycategory_pct.php
@@ -19,11 +19,9 @@
 	access_ensure_project_level( config_get( 'view_summary_threshold' ) );
 
 	$f_width = gpc_get_int( 'width', 300 );
-	$f_token = gpc_get_int( 'token', 0 );
-	if ( 0 == $f_token ) {
-		$t_metrics = create_category_summary();
-	} else {
-		$t_metrics = unserialize( token_get_value( $f_token ) );
-	}
+	
+	$t_token = token_get_value( TOKEN_GRAPH );
+	$t_metrics = $t_token != null ? unserialize( $t_token ) : create_category_summary();
+
 	graph_pie( $t_metrics, lang_get( 'by_category_pct' ), $f_width, $f_width );
 ?>
diff --git a/summary_graph_bypriority.php b/summary_graph_bypriority.php
index 289918e..bdaea2d 100644
--- a/summary_graph_bypriority.php
+++ b/summary_graph_bypriority.php
@@ -21,11 +21,8 @@
 	$f_width = gpc_get_int( 'width', 300 );
 	$t_ar = config_get( 'graph_bar_aspect' );
 
-	$f_token = gpc_get_int( 'token', 0 );
-	if ( 0 == $f_token ) {
-		$t_metrics = create_bug_enum_summary( lang_get( 'priority_enum_string' ), 'priority');
-	} else {
-		$t_metrics = graph_total_metrics( unserialize( token_get_value( $f_token ) ) );
-	}
+	$t_token = token_get_value( TOKEN_GRAPH );
+	$t_metrics = $t_token != null ? unserialize( $t_token ) : create_bug_enum_summary( lang_get( 'priority_enum_string' ), 'priority');
+
 	graph_bar( $t_metrics, lang_get( 'by_priority' ), $f_width, $f_width * $t_ar );
 ?>
diff --git a/summary_graph_bypriority_mix.php b/summary_graph_bypriority_mix.php
index 8852680..2359146 100644
--- a/summary_graph_bypriority_mix.php
+++ b/summary_graph_bypriority_mix.php
@@ -21,11 +21,8 @@
 	$f_width = gpc_get_int( 'width', 300 );
 	$t_ar = config_get( 'graph_bar_aspect' );
 
-	$f_token = gpc_get_int( 'token', 0 );
-	if ( 0 == $f_token ) {
-		$t_metrics = enum_bug_group( lang_get( 'priority_enum_string' ), 'priority');
-	} else {
-		$t_metrics = unserialize( token_get_value( $f_token ) );
-	}
+	$t_token = token_get_value( TOKEN_GRAPH );
+	$t_metrics = $t_token != null ? unserialize( $t_token ) : create_bug_enum_summary( lang_get( 'priority_enum_string' ), 'priority');
+
 	graph_group( $t_metrics, lang_get( 'by_priority_mix' ), $f_width, $f_width * $t_ar );
 ?>
diff --git a/summary_graph_bypriority_pct.php b/summary_graph_bypriority_pct.php
index 0dcc48f..2083e1e 100644
--- a/summary_graph_bypriority_pct.php
+++ b/summary_graph_bypriority_pct.php
@@ -20,11 +20,8 @@
 
 	$f_width = gpc_get_int( 'width', 300 );
 
-	$f_token = gpc_get_int( 'token', 0 );
-	if ( 0 == $f_token ) {
-		$t_metrics = create_bug_enum_summary( lang_get( 'priority_enum_string' ), 'priority');
-	} else {
-		$t_metrics = graph_total_metrics( unserialize( token_get_value( $f_token ) ) );
-	}
+	$t_token = token_get_value( TOKEN_GRAPH );
+	$t_metrics = $t_token != null ? unserialize( $t_token ) : create_bug_enum_summary( lang_get( 'priority_enum_string' ), 'priority');
+
 	graph_pie( $t_metrics, lang_get( 'by_priority_pct' ), $f_width, $f_width );
 ?>
diff --git a/summary_graph_byresolution.php b/summary_graph_byresolution.php
index 7d149b5..2d268aa 100644
--- a/summary_graph_byresolution.php
+++ b/summary_graph_byresolution.php
@@ -21,11 +21,8 @@
 	$f_width = gpc_get_int( 'width', 300 );
 	$t_ar = config_get( 'graph_bar_aspect' );
 
-	$f_token = gpc_get_int( 'token', 0 );
-	if ( 0 == $f_token ) {
-		$t_metrics = create_bug_enum_summary( lang_get( 'resolution_enum_string' ), 'resolution' );
-	} else {
-		$t_metrics = graph_total_metrics( unserialize( token_get_value( $f_token ) ) );
-	}
+	$t_token = token_get_value( TOKEN_GRAPH );
+    $t_metrics = $t_token != null ? unserialize( $t_token ) : create_bug_enum_summary( lang_get( 'resolution_enum_string' ), 'resolution' );
+
 	graph_bar( $t_metrics, lang_get( 'by_resolution' ), $f_width, $f_width * $t_ar );
 ?>
diff --git a/summary_graph_byresolution_mix.php b/summary_graph_byresolution_mix.php
index c7b7ea4..8c70d05 100644
--- a/summary_graph_byresolution_mix.php
+++ b/summary_graph_byresolution_mix.php
@@ -21,11 +21,8 @@
 	$f_width = gpc_get_int( 'width', 300 );
 	$t_ar = config_get( 'graph_bar_aspect' );
 
-	$f_token = gpc_get_int( 'token', 0 );
-	if ( 0 == $f_token ) {
-		$t_metrics = create_bug_group( lang_get( 'resolution_enum_string' ), 'resolution' );
-	} else {
-		$t_metrics = unserialize( token_get_value( $f_token ) );
-	}
+	$t_token = token_get_value( TOKEN_GRAPH );
+    $t_metrics = $t_token != null ? unserialize( $t_token ) : create_bug_enum_summary( lang_get( 'resolution_enum_string' ), 'resolution' );
+
 	graph_group( $t_metrics, lang_get( 'by_resolution_mix' ), $f_width, $f_width * $t_ar );
 ?>
diff --git a/summary_graph_byresolution_pct.php b/summary_graph_byresolution_pct.php
index 325dcc7..68056ee 100644
--- a/summary_graph_byresolution_pct.php
+++ b/summary_graph_byresolution_pct.php
@@ -20,11 +20,8 @@
 
 	$f_width = gpc_get_int( 'width', 300 );
 
-	$f_token = gpc_get_int( 'token', 0 );
-	if ( 0 == $f_token ) {
-		$t_metrics = create_bug_enum_summary( lang_get( 'resolution_enum_string' ), 'resolution' );
-	} else {
-		$t_metrics = graph_total_metrics( unserialize( token_get_value( $f_token ) ) );
-	}
+	$t_token = token_get_value( TOKEN_GRAPH );
+    $t_metrics = $t_token != null ? unserialize( $t_token ) : create_bug_enum_summary( lang_get( 'resolution_enum_string' ), 'resolution' );
+
 	graph_pie( $t_metrics, lang_get( 'by_resolution_pct' ), $f_width, $f_width );
 ?>
diff --git a/summary_graph_byseverity.php b/summary_graph_byseverity.php
index e494b2e..2a25a44 100644
--- a/summary_graph_byseverity.php
+++ b/summary_graph_byseverity.php
@@ -21,11 +21,8 @@
 	$f_width = gpc_get_int( 'width', 300 );
 	$t_ar = config_get( 'graph_bar_aspect' );
 
-	$f_token = gpc_get_int( 'token', 0 );
-	if ( 0 == $f_token ) {
-		$t_metrics = create_bug_enum_summary( lang_get( 'severity_enum_string' ), 'severity' );
-	} else {
-		$t_metrics = graph_total_metrics( unserialize( token_get_value( $f_token ) ) );
-	}
+	$t_token = token_get_value( TOKEN_GRAPH );
+	$t_metrics = $t_token != null ? unserialize( $t_token ) : create_bug_enum_summary( lang_get( 'severity_enum_string' ), 'severity' );
+
 	graph_bar( $t_metrics, lang_get( 'by_severity' ), $f_width, $f_width * $t_ar );
 ?>
diff --git a/summary_graph_byseverity_mix.php b/summary_graph_byseverity_mix.php
index a12fd41..648b741 100644
--- a/summary_graph_byseverity_mix.php
+++ b/summary_graph_byseverity_mix.php
@@ -21,11 +21,8 @@
 	$f_width = gpc_get_int( 'width', 300 );
 	$t_ar = config_get( 'graph_bar_aspect' );
 
-	$f_token = gpc_get_int( 'token', 0 );
-	if ( 0 == $f_token ) {
-		$t_metrics = enum_bug_group( lang_get( 'severity_enum_string' ), 'severity' );
-	} else {
-		$t_metrics = unserialize( token_get_value( $f_token ) );
-	}
+	$t_token = token_get_value( TOKEN_GRAPH );
+	$t_metrics = $t_token != null ? unserialize( $t_token ) : create_bug_enum_summary( lang_get( 'severity_enum_string' ), 'severity' );
+
 	graph_group( $t_metrics, lang_get( 'by_severity_mix' ), $f_width, $f_width * $t_ar );
 ?>
diff --git a/summary_graph_byseverity_pct.php b/summary_graph_byseverity_pct.php
index 4ab36a2..621537d 100644
--- a/summary_graph_byseverity_pct.php
+++ b/summary_graph_byseverity_pct.php
@@ -20,11 +20,8 @@
 
 	$f_width = gpc_get_int( 'width', 300 );
 
-	$f_token = gpc_get_int( 'token', 0 );
-	if ( 0 == $f_token ) {
-		$t_metrics = create_bug_enum_summary( lang_get( 'severity_enum_string' ), 'severity' );
-	} else {
-		$t_metrics = graph_total_metrics( unserialize( token_get_value( $f_token ) ) );
-	}
+	$t_token = token_get_value( TOKEN_GRAPH );
+	$t_metrics = $t_token != null ? unserialize( $t_token ) : create_bug_enum_summary( lang_get( 'severity_enum_string' ), 'severity' );
+
 	graph_pie( $t_metrics, lang_get( 'by_severity_pct' ), $f_width, $f_width );
 ?>
diff --git a/summary_graph_bystatus.php b/summary_graph_bystatus.php
index 23cc218..593d3d7 100644
--- a/summary_graph_bystatus.php
+++ b/summary_graph_bystatus.php
@@ -21,11 +21,8 @@
 	$f_width = gpc_get_int( 'width', 300 );
 	$t_ar = config_get( 'graph_bar_aspect' );
 
-	$f_token = gpc_get_int( 'token', 0 );
-	if ( 0 == $f_token ) {
-		$t_metrics = create_bug_enum_summary( lang_get( 'status_enum_string' ), 'status' );
-	} else {
-		$t_metrics = unserialize( token_get_value( $f_token ) );
-	}
+	$t_token = token_get_value( TOKEN_GRAPH );
+	$t_metrics = $t_token != null ? unserialize( $t_token ) : create_bug_enum_summary( lang_get( 'status_enum_string' ), 'status' );
+
 	graph_bar( $t_metrics, lang_get( 'by_status' ), $f_width, $f_width * $t_ar );
 ?>
diff --git a/summary_graph_bystatus_pct.php b/summary_graph_bystatus_pct.php
index 0c8270c..6423f5a 100644
--- a/summary_graph_bystatus_pct.php
+++ b/summary_graph_bystatus_pct.php
@@ -20,11 +20,8 @@
 
 	$f_width = gpc_get_int( 'width', 300 );
 
-	$f_token = gpc_get_int( 'token', 0 );
-	if ( 0 == $f_token ) {
-		$t_metrics = create_bug_enum_summary( lang_get( 'status_enum_string' ), 'status' );
-	} else {
-		$t_metrics = unserialize( token_get_value( $f_token ) );
-	}
+	$t_token = token_get_value( TOKEN_GRAPH );
+	$t_metrics = $t_token != null ? unserialize( $t_token ) : create_bug_enum_summary( lang_get( 'status_enum_string' ), 'status' );
+
 	graph_pie( $t_metrics, lang_get( 'by_status_pct' ), $f_width, $f_width );
 ?>
diff --git a/summary_graph_imp_category.php b/summary_graph_imp_category.php
index e4e2485..1cbcb91 100644
--- a/summary_graph_imp_category.php
+++ b/summary_graph_imp_category.php
@@ -28,10 +28,8 @@
 	$t_graph_width = (int) ( ( $t_width - 50 ) * 0.6 );
 
 	# gather the data for the graphs
-	$t_user_id = auth_get_current_user_id();
-	token_delete_by_type_owner( TOKEN_GRAPH, $t_user_id );
 	$t_metrics = create_category_summary();
-	$t_token = token_add( serialize( $t_metrics ), TOKEN_GRAPH, $t_user_id );
+	$t_token = token_set( TOKEN_GRAPH, serialize( $t_metrics ) );
 
  ?>
 
@@ -44,12 +42,12 @@
 </tr>
 <tr valign="top">
 	<td width='100%'>
-		<center><img src="summary_graph_bycategory.php?width=<?php echo $t_graph_width?>&token=<?php echo $t_token?>" border="0" /></center>
+		<center><img src="summary_graph_bycategory.php?width=<?php echo $t_graph_width?>" border="0" /></center>
 	</td>
 </tr>
 <tr valign="top">
 	<td align="center">
-		<center><img src="summary_graph_bycategory_pct.php?width=<?php echo $t_graph_width?>&token=<?php echo $t_token?>" border="0" /></center>
+		<center><img src="summary_graph_bycategory_pct.php?width=<?php echo $t_graph_width?>" border="0" /></center>
 	</td>
 </tr>
 </table>
diff --git a/summary_graph_imp_priority.php b/summary_graph_imp_priority.php
index 00c9a87..35ccc1a 100644
--- a/summary_graph_imp_priority.php
+++ b/summary_graph_imp_priority.php
@@ -28,10 +28,8 @@
 	$t_graph_width = (int) ( ( $t_width - 50 ) * 0.6 );
 
 	# gather the data for the graphs
-	$t_user_id = auth_get_current_user_id();
-	token_delete_by_type_owner( TOKEN_GRAPH, $t_user_id );
 	$t_metrics = enum_bug_group( lang_get( 'priority_enum_string' ), 'priority');
-	$t_token = token_add( serialize( $t_metrics ), TOKEN_GRAPH, $t_user_id );
+	$t_token = token_set( TOKEN_GRAPH, serialize( $t_metrics ) );
 
  ?>
 
@@ -44,17 +42,17 @@
 </tr>
 <tr valign="top">
 	<td>
-		<center><img src="summary_graph_bypriority.php?width=<?php echo $t_graph_width?>&token=<?php echo $t_token?>" border="0" /></center>
+		<center><img src="summary_graph_bypriority.php?width=<?php echo $t_graph_width?>" border="0" /></center>
 	</td>
 </tr>
 <tr valign="top">
 	<td>
-		 <center><img src="summary_graph_bypriority_pct.php?width=<?php echo $t_graph_width?>&token=<?php echo $t_token?>" border="0"" /></center>
+		 <center><img src="summary_graph_bypriority_pct.php?width=<?php echo $t_graph_width?>" border="0"" /></center>
 	</td>
 </tr>
 <tr valign="top">
 	<td>
-		<center><img src="summary_graph_bypriority_mix.php?width=<?php echo $t_graph_width?>&token=<?php echo $t_token?>" border="0"/></center>
+		<center><img src="summary_graph_bypriority_mix.php?width=<?php echo $t_graph_width?>" border="0"/></center>
 	</td>
 </tr>
 </table>
diff --git a/summary_graph_imp_resolution.php b/summary_graph_imp_resolution.php
index b39c3fc..e9e9196 100644
--- a/summary_graph_imp_resolution.php
+++ b/summary_graph_imp_resolution.php
@@ -28,10 +28,8 @@
 	$t_graph_width = (int) ( ( $t_width - 50 ) * 0.6 );
 
 	# gather the data for the graphs
-	$t_user_id = auth_get_current_user_id();
-	token_delete_by_type_owner( TOKEN_GRAPH, $t_user_id );
 	$t_metrics = enum_bug_group( lang_get( 'resolution_enum_string' ), 'resolution');
-	$t_token = token_add( serialize( $t_metrics ), TOKEN_GRAPH, $t_user_id );
+	$t_token = token_set( TOKEN_GRAPH, serialize( $t_metrics ) );
 
 ?>
 
@@ -44,17 +42,17 @@
 </tr>
 <tr valign="top">
 	<td>
-		<center><img src="summary_graph_byresolution.php?width=<?php echo $t_graph_width?>&token=<?php echo $t_token?>" border="0" /></center>
+		<center><img src="summary_graph_byresolution.php?width=<?php echo $t_graph_width?>" border="0" /></center>
 	</td>
 </tr>
 <tr valign="top">
 	<td>
-		<center><img src="summary_graph_byresolution_pct.php?width=<?php echo $t_graph_width?>&token=<?php echo $t_token?>" border="0" /></center>
+		<center><img src="summary_graph_byresolution_pct.php?width=<?php echo $t_graph_width?>" border="0" /></center>
 	</td>
 </tr>
 <tr valign="top">
 	<td>
-		<center><img src="summary_graph_byresolution_mix.php?width=<?php echo $t_graph_width?>&token=<?php echo $t_token?>" border="0" /></center>
+		<center><img src="summary_graph_byresolution_mix.php?width=<?php echo $t_graph_width?>" border="0" /></center>
 	</td>
 </tr>
 </table>
diff --git a/summary_graph_imp_severity.php b/summary_graph_imp_severity.php
index 57a9682..5ec5a05 100644
--- a/summary_graph_imp_severity.php
+++ b/summary_graph_imp_severity.php
@@ -27,10 +27,8 @@
 	$t_graph_width = (int) ( ( $t_width - 50 ) * 0.6 );
 
 	# gather the data for the graphs
-	$t_user_id = auth_get_current_user_id();
-	token_delete_by_type_owner( TOKEN_GRAPH, $t_user_id );
 	$t_metrics = enum_bug_group( lang_get( 'severity_enum_string' ), 'severity' );
-	$t_token = token_add( serialize( $t_metrics ), TOKEN_GRAPH, $t_user_id );
+	$t_token = token_set( TOKEN_GRAPH, serialize( $t_metrics ) );
 
 ?>
 
@@ -43,17 +41,17 @@
 </tr>
 <tr valign="top">
 	<td>
-		<center><img src="summary_graph_byseverity.php?width=<?php echo $t_graph_width?>&token=<?php echo $t_token?>" border="0" /></center>
+		<center><img src="summary_graph_byseverity.php?width=<?php echo $t_graph_width?>" border="0" /></center>
 	</td>
 </tr>
 <tr valign="top">
 	<td>
-		<center><img src="summary_graph_byseverity_pct.php?width=<?php echo $t_graph_width?>&token=<?php echo $t_token?>" border="0" /></center>
+		<center><img src="summary_graph_byseverity_pct.php?width=<?php echo $t_graph_width?>" border="0" /></center>
 	</td>
 </tr>
 <tr valign="top">
 	<td>
-		<center><img src="summary_graph_byseverity_mix.php?width=<?php echo $t_graph_width?>&token=<?php echo $t_token?>" border="0" /></center>
+		<center><img src="summary_graph_byseverity_mix.php?width=<?php echo $t_graph_width?>" border="0" /></center>
 	</td>
 </tr>
 </table>
diff --git a/summary_graph_imp_status.php b/summary_graph_imp_status.php
index 50efec3..75861bc 100644
--- a/summary_graph_imp_status.php
+++ b/summary_graph_imp_status.php
@@ -27,10 +27,8 @@
 	$t_graph_width = (int) ( ( $t_width - 50 ) * 0.6 );
 
 	# gather the data for the graphs
-	$t_user_id = auth_get_current_user_id();
-	token_delete_by_type_owner( TOKEN_GRAPH, $t_user_id );
 	$t_metrics = create_bug_enum_summary( lang_get( 'status_enum_string' ), 'status' );
-	$t_token = token_add( serialize( $t_metrics ), TOKEN_GRAPH, $t_user_id );
+	$t_token = token_set( TOKEN_GRAPH, serialize( $t_metrics ) );
 
 ?>
 
@@ -43,12 +41,12 @@
 </tr>
 <tr valign="top">
 	<td>
-		 <center><img src="summary_graph_bystatus.php?width=<?php echo $t_graph_width?>&token=<?php echo $t_token?>" border="0" /></center>
+		 <center><img src="summary_graph_bystatus.php?width=<?php echo $t_graph_width?>" border="0" /></center>
 	</td>
 </tr>
 <tr valign="top">
 	<td>
-		<center><img src="summary_graph_bystatus_pct.php?width=<?php echo $t_graph_width?>&token=<?php echo $t_token?>" border="0" /></center>
+		<center><img src="summary_graph_bystatus_pct.php?width=<?php echo $t_graph_width?>" border="0" /></center>
 	</td>
 </tr>
 </table>
diff --git a/view_all_set.php b/view_all_set.php
index b3a39fb..9da4f30 100644
--- a/view_all_set.php
+++ b/view_all_set.php
@@ -515,7 +515,7 @@
 	}
 
 	if ( $f_temp_filter ) {
-		$t_token_id = token_add( $t_settings_serialized, TOKEN_FILTER);
+		$t_token_id = token_set( TOKEN_FILTER, $t_settings_serialized );
 		$t_redirect_url = $t_redirect_url . '?filter=' . $t_token_id;
 		html_meta_redirect( $t_redirect_url, 0 );
 	} else {