diff --git a/owrx/controllers/session.py b/owrx/controllers/session.py
index 3a9d342..dd6d0f9 100644
--- a/owrx/controllers/session.py
+++ b/owrx/controllers/session.py
@@ -47,6 +47,7 @@ class SessionController(WebpageController):
                 user = userlist[data["user"]]
                 if user.password.is_valid(data["password"]):
                     # TODO pass the final destination
+                    # TODO evaluate password force_change and redirect to password change
                     key = SessionStorage.getSharedInstance().startSession({"user": user.name})
                     cookie = SimpleCookie()
                     cookie["owrx-session"] = key