diff --git a/backend/src/graphql/resolver/TransactionResolver.ts b/backend/src/graphql/resolver/TransactionResolver.ts
index 755955a7f..8b7b7cee1 100644
--- a/backend/src/graphql/resolver/TransactionResolver.ts
+++ b/backend/src/graphql/resolver/TransactionResolver.ts
@@ -516,7 +516,7 @@ export class TransactionResolver {
     }
 
     // validate recipient user
-    // TODO: the detour over the public key is unnecessary
+    // TODO: the detour over the public key is unnecessary sessionId is removed
     const recipiantPublicKey = await getPublicKey(email, context.sessionId)
     if (!recipiantPublicKey) {
       throw new Error('recipiant not known')
diff --git a/backend/src/graphql/resolver/UserResolver.ts b/backend/src/graphql/resolver/UserResolver.ts
index 2ecd523e9..5184d550f 100644
--- a/backend/src/graphql/resolver/UserResolver.ts
+++ b/backend/src/graphql/resolver/UserResolver.ts
@@ -200,7 +200,7 @@ export class UserResolver {
 
     context.setHeaders.push({
       key: 'token',
-      value: encode(result.data.session_id, result.data.user.public_hex),
+      value: encode(result.data.user.public_hex),
     })
     const user = new User(result.data.user)
     // Hack: Database Field is not validated properly and not nullable