diff --git a/backend/templates/base.html b/backend/templates/base.html
index 561e1b93..a842af5c 100644
--- a/backend/templates/base.html
+++ b/backend/templates/base.html
@@ -58,10 +58,6 @@
                           d="M8 0C3.58 0 0 3.58 0 8c0 3.54 2.29 6.53 5.47 7.59.4.07.55-.17.55-.38 0-.19-.01-.82-.01-1.49-2.01.37-2.53-.49-2.69-.94-.09-.23-.48-.94-.82-1.13-.28-.15-.68-.52-.01-.53.63-.01 1.08.58 1.23.82.72 1.21 1.87.87 2.33.66.07-.52.28-.87.51-1.07-1.78-.2-3.64-.89-3.64-3.95 0-.87.31-1.59.82-2.15-.08-.2-.36-1.02.08-2.12 0 0 .67-.21 2.2.82.64-.18 1.32-.27 2-.27.68 0 1.36.09 2 .27 1.53-1.04 2.2-.82 2.2-.82.44 1.1.16 1.92.08 2.12.51.56.82 1.27.82 2.15 0 3.07-1.87 3.75-3.65 3.95.29.25.54.73.54 1.48 0 1.07-.01 1.93-.01 2.2 0 .21.15.46.55.38A8.013 8.013 0 0016 8c0-4.42-3.58-8-8-8z"></path>
                 </svg>
             </a></li>
-            <!--
-            <li class="pure-menu-item"><a href="#" class="pure-menu-link">Tour</a></li>
-            <li class="pure-menu-item"><a href="#" class="pure-menu-link">Sign Up</a></li>
-            -->
         </ul>
     </div>
 </div>
diff --git a/backend/templates/login.html b/backend/templates/login.html
index cc55289e..635048e6 100644
--- a/backend/templates/login.html
+++ b/backend/templates/login.html
@@ -11,7 +11,7 @@
                 <input type="hidden" id="email" name="email" value="defaultuser@changedetection.io" />
             </div>
             <div class="pure-control-group">
-                <button type="submit" class="pure-button pure-button-primary">Submit</button>
+                <button type="submit" class="pure-button pure-button-primary">Login</button>
             </div>
         </fieldset>
     </form>
diff --git a/backend/tests/test_backend.py b/backend/tests/test_backend.py
index 42445cf1..42291a0f 100644
--- a/backend/tests/test_backend.py
+++ b/backend/tests/test_backend.py
@@ -129,51 +129,58 @@ def test_check_basic_change_detection_functionality(client, live_server):
     assert b'Deleted' in res.data
 
 
-def test_check_access_control(client):
+def test_check_access_control(app, client):
+    # Still doesnt work, but this is closer.
     return
-    # @note: does not seem to handle the last logout step correctly, we're still logged in.. but yet..
-    #        pytest team keep telling us that we have a new context.. i'm lost :(
+    with app.test_client() as c:
 
-    # Add our URL to the import page
-    res = client.post(
-        url_for("settings_page"),
-        data={"password": "foobar"},
-        follow_redirects=True
-    )
-    assert b"LOG OUT" not in res.data
+        # Check we dont have any password protection enabled yet.
+        res = c.get(url_for("settings_page"))
+        assert b"Remove password" not in res.data
 
-    client.get(url_for("import_page"), follow_redirects=True)
-    assert b"Password" in res.data
+        # Enable password check.
+        res = c.post(
+            url_for("settings_page"),
+            data={"password": "foobar"},
+            follow_redirects=True
+        )
+        assert b"Password protection enabled." in res.data
+        assert b"LOG OUT" not in res.data
+        print ("SESSION:", res.session)
+        # Check we hit the login
 
-    # Menu should not be available yet
-    assert b"SETTINGS" not in res.data
-    assert b"BACKUP" not in res.data
-    assert b"IMPORT" not in res.data
+        res = c.get(url_for("settings_page"), follow_redirects=True)
+        res = c.get(url_for("login"), follow_redirects=True)
+
+        assert b"Login" in res.data
+
+        print ("DEBUG >>>>>",res.data)
+        # Menu should not be available yet
+        assert b"SETTINGS" not in res.data
+        assert b"BACKUP" not in res.data
+        assert b"IMPORT" not in res.data
 
 
 
-    #defaultuser@changedetection.io is actually hardcoded for now, we only use a single password
-    res = client.post(
-        url_for("login"),
-        data={"password": "foobar", "email": "defaultuser@changedetection.io"},
-        follow_redirects=True
-    )
+        #defaultuser@changedetection.io is actually hardcoded for now, we only use a single password
+        res = c.post(
+            url_for("login"),
+            data={"password": "foobar", "email": "defaultuser@changedetection.io"},
+            follow_redirects=True
+        )
 
-    assert b"LOG OUT" in res.data
+        assert b"LOG OUT" in res.data
+        res = c.get(url_for("settings_page"))
 
-    client.get(url_for("settings_page"), follow_redirects=True)
-    # Menu should be available now
-    assert b"SETTINGS" in res.data
-    assert b"BACKUP" in res.data
-    assert b"IMPORT" in res.data
+        # Menu should be available now
+        assert b"SETTINGS" in res.data
+        assert b"BACKUP" in res.data
+        assert b"IMPORT" in res.data
 
+        assert b"LOG OUT" in res.data
 
-    assert b"LOG OUT" in res.data
+        # Now remove the password so other tests function, @todo this should happen before each test automatically
 
-    # Now remove the password so other tests function, @todo this should happen before each test automatically
-
-    print(res.data)
-    client.get(url_for("settings_page", removepassword="true"), follow_redirects=True)
-
-    client.get(url_for("import_page", removepassword="true"), follow_redirects=True)
-    assert b"LOG OUT" not in res.data
\ No newline at end of file
+        c.get(url_for("settings_page", removepassword="true"))
+        c.get(url_for("import_page"))
+        assert b"LOG OUT" not in res.data
\ No newline at end of file