diff --git a/de.srsoftware.oidc.web/src/main/resources/en/scripts/users.js b/de.srsoftware.oidc.web/src/main/resources/en/scripts/users.js
index 42a677e..862f44b 100644
--- a/de.srsoftware.oidc.web/src/main/resources/en/scripts/users.js
+++ b/de.srsoftware.oidc.web/src/main/resources/en/scripts/users.js
@@ -16,41 +16,44 @@ function addUser(){
         header: {
             'Content-Type':'application/json'
         },
-        body: JSON.stringify(msg)
+        body: JSON.stringify(msg),
+        credentials:'include'
     }).then(() => location.reload())
 }
 
-async function handleUsers(response){
+function handleUsers(response){
     if (response.status == UNAUTHORIZED) {
         redirect('login.html?return_to='+encodeURI(window.location.href))
         return;
     }
-    var users = await response.json();
-    var bottom = document.getElementById('bottom');
-    for (let id in users){
-        var row = document.createElement("tr");
-        var u = users[id];
-        row.innerHTML = `<td>${u.username}</td>
-        <td>${u.realname}</td>
-        <td>${u.email}</td>
-        <td>${id}</td>
-        <td>
-            <button type="button" onclick="reset_password('${id}')" id="reset-${id}">Reset password</button>
-            <button id="remove-${u.uuid}" class="danger" onclick="remove('${id}','${u.realname}')" type="button">Remove</button>
-        </td>`;
-        bottom.parentNode.insertBefore(row,bottom);
-    }
+    response.json().then(users => {
+        var bottom = document.getElementById('bottom');
+        for (let id in users){
+            var row = document.createElement("tr");
+            var u = users[id];
+            row.innerHTML = `<td>${u.username}</td>
+            <td>${u.realname}</td>
+            <td>${u.email}</td>
+            <td>${id}</td>
+            <td>
+                <button type="button" onclick="reset_password('${id}')" id="reset-${id}">Reset password</button>
+                <button id="remove-${u.uuid}" class="danger" onclick="remove('${id}','${u.realname}')" type="button">Remove</button>
+            </td>`;
+            bottom.parentNode.insertBefore(row,bottom);
+        }
+    });
+
 }
 
-async function handleRemove(response){
+function handleRemove(response){
     if (response.ok){
         redirect("users.html");
     } else {
-        var info = await response.text();
-        console.log(info);
-        show(info);
+        response.text().then(info => {
+            console.log(info);
+            show(info);
+        });
     }
-
 }
 
 function remove(userId,name){
@@ -64,15 +67,14 @@ function remove(userId,name){
     if (confirm(message.replace("{}",name))) {
         fetch(user_controller+"/delete",{
             method: 'DELETE',
-            body : JSON.stringify({ user_id : userId, confirmed : true })
+            body : JSON.stringify({ user_id : userId, confirmed : true }),
+            credentials:'include'
         }).then(handleRemove);
     }
 }
 
 function reset_password(userid){
-    fetch(user_controller+"/reset?user="+userid).then(() => {
-        disable('reset-'+userid);
-    });
+    fetch(user_controller+"/reset?user="+userid,{credentials:'include'}).then(() => { disable('reset-'+userid); });
 }
 
-fetch(user_controller+"/list",{method:'POST'}).then(handleUsers);
+fetch(user_controller+"/list",{method:'POST',credentials:'include'}).then(handleUsers);