diff --git a/gameserver/src/main/java/brainwine/gameserver/entity/player/Player.java b/gameserver/src/main/java/brainwine/gameserver/entity/player/Player.java
index 34b5de3..45f1d98 100644
--- a/gameserver/src/main/java/brainwine/gameserver/entity/player/Player.java
+++ b/gameserver/src/main/java/brainwine/gameserver/entity/player/Player.java
@@ -70,6 +70,7 @@ public class Player extends Entity implements CommandExecutor {
     public static final int MAX_SPEED_X = 12;
     public static final int MAX_SPEED_Y = 25;
     public static final int HEARTBEAT_TIMEOUT = 30000;
+    public static final int MAX_AUTH_TOKENS = 3;
     private static int dialogDiscriminator;
     
     @JacksonInject("documentId")
@@ -531,6 +532,12 @@ public class Player extends Entity implements CommandExecutor {
         authTokens.clear();
     }
     
+    protected void clearOldestAuthTokens() {
+        while(authTokens.size() > MAX_AUTH_TOKENS) {
+            authTokens.remove(0);
+        }
+    }
+    
     protected void addAuthToken(String authToken) {
         authTokens.add(authToken);
     }
diff --git a/gameserver/src/main/java/brainwine/gameserver/entity/player/PlayerManager.java b/gameserver/src/main/java/brainwine/gameserver/entity/player/PlayerManager.java
index b441d99..d8f9534 100644
--- a/gameserver/src/main/java/brainwine/gameserver/entity/player/PlayerManager.java
+++ b/gameserver/src/main/java/brainwine/gameserver/entity/player/PlayerManager.java
@@ -127,6 +127,8 @@ public class PlayerManager {
             return false;
         }
         
+        player.clearOldestAuthTokens();
+        
         // Might not be very efficient...
         for(String hashedToken : player.getAuthTokens()) {
             if(BCrypt.checkpw(authToken, hashedToken)) {