diff --git a/fileserver/sync_api.go b/fileserver/sync_api.go
index c96c2d83..87675ea0 100644
--- a/fileserver/sync_api.go
+++ b/fileserver/sync_api.go
@@ -1283,13 +1283,15 @@ func validateToken(r *http.Request, repoID string, skipCache bool) (string, *app
 }
 }
- if value, ok := tokenCache.Load(token); ok {
- if info, ok := value.(*tokenInfo); ok {
- if info.repoID != repoID {
- msg := "Invalid token"
- return "", &appError{nil, msg, http.StatusForbidden}
+ if !skipCache {
+ if value, ok := tokenCache.Load(token); ok {
+ if info, ok := value.(*tokenInfo); ok {
+ if info.repoID != repoID {
+ msg := "Invalid token"
+ return "", &appError{nil, msg, http.StatusForbidden}
+ }
+ return info.email, nil
 }
- return info.email, nil
 }
 }
@@ -1300,6 +1302,7 @@ func validateToken(r *http.Request, repoID string, skipCache bool) (string, *app
 return email, &appError{err, "", http.StatusInternalServerError}
 }
 if email == "" {
+ tokenCache.Delete(token)
 msg := fmt.Sprintf("Failed to get email by token %s", token)
 return email, &appError{nil, msg, http.StatusForbidden}
 }
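Review bot: The `skipCache` parameter has no documented contract at the new `if !skipCache {` guard, so a caller cannot tell from the signature that passing false means a token revoked on the server keeps being accepted from `tokenCache` until its entry is evicted. No age or expiry check on the cached `tokenInfo` is visible in this hunk, though one may exist elsewhere in the file. I would add a doc comment on validateToken such as `// skipCache forces a fresh lookup of the token; pass true wherever a revoked token must be rejected immediately.` and name the handlers that are expected to set it. The function starts and ends outside this hunk.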
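Review bot: The added `tokenCache.Delete(token)` sits only in the `email == ""` branch, which is reached only on a cache miss or when `skipCache` is true, so a stale entry is evicted only once some caller takes the uncached path. A one-line comment would make that intent explicit, e.g. `// token is unknown or revoked: drop any stale cache entry`. Separately, the unchanged line just below formats the raw token into `msg`. If appError messages are logged or returned to the client (not visible here), that puts a bearer credential into logs or responses, so consider `msg := "Failed to get email by token"` or including only a short prefix. The enclosing function continues outside the hunk.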