diff --git a/server/core/auth.js b/server/core/auth.js
index ecb85726..5cafc109 100644
--- a/server/core/auth.js
+++ b/server/core/auth.js
@@ -115,27 +115,30 @@ module.exports = {
       let mustRevalidate = false
 
       // Expired but still valid within N days, just renew
-      if (info instanceof Error && info.name === 'TokenExpiredError' && DateTime.utc().minus(ms(WIKI.config.auth.tokenRenewal)) < DateTime.fromSeconds(info.expiredAt)) {
+      if (info instanceof Error && info.name === 'TokenExpiredError' && DateTime.utc().minus(ms(WIKI.config.auth.tokenRenewal)) < DateTime.fromISO(info.expiredAt)) {
         mustRevalidate = true
       }
 
       // Check if user / group is in revokation list
-      if (user) {
+      if (user && !mustRevalidate) {
         const uRevalidate = WIKI.auth.revokationList.get(`u${_.toString(user.id)}`)
         if (uRevalidate && user.iat < uRevalidate) {
           mustRevalidate = true
-        }
-        for (const gid of user.groups) {
-          const gRevalidate = WIKI.auth.revokationList.get(`g${_.toString(gid)}`)
-          if (gRevalidate && user.iat < gRevalidate) {
-            mustRevalidate = true
+        } else if (DateTime.fromSeconds(user.iat) <= WIKI.startedAt) { // Prevent new / restarted instance from allowing revoked tokens
+          mustRevalidate = true
+        } else {
+          for (const gid of user.groups) {
+            const gRevalidate = WIKI.auth.revokationList.get(`g${_.toString(gid)}`)
+            if (gRevalidate && user.iat < gRevalidate) {
+              mustRevalidate = true
+              break
+            }
           }
         }
       }
 
       // Revalidate and renew token
       if (mustRevalidate) {
-        console.info('MUST REVALIDATE')
         const jwtPayload = jwt.decode(securityHelper.extractJWT(req))
         try {
           const newToken = await WIKI.models.users.refreshToken(jwtPayload.id)
diff --git a/server/index.js b/server/index.js
index 939abf63..254335c9 100644
--- a/server/index.js
+++ b/server/index.js
@@ -5,6 +5,7 @@
 
 const path = require('path')
 const { nanoid } = require('nanoid')
+const { DateTime } = require('luxon')
 
 let WIKI = {
   IS_DEBUG: process.env.NODE_ENV === 'development',
@@ -14,7 +15,8 @@ let WIKI = {
   SERVERPATH: path.join(process.cwd(), 'server'),
   Error: require('./helpers/error'),
   configSvc: require('./core/config'),
-  kernel: require('./core/kernel')
+  kernel: require('./core/kernel'),
+  startedAt: DateTime.utc()
 }
 global.WIKI = WIKI