diff --git a/src/App.tsx b/src/App.tsx
index 0d1d4f14..5e42bd22 100644
--- a/src/App.tsx
+++ b/src/App.tsx
@@ -16,7 +16,7 @@ import {
   VisibilityOff
 } from '@mui/icons-material'
 import { getDataProvider } from './providers/dataProvider'
-import rcoAuthProvider from './providers/authProvider'
+import rcoAuthProvider, { removeUserToken } from './providers/authProvider'
 import { useForm } from 'react-hook-form'
 import * as yup from 'yup'
 
@@ -232,6 +232,11 @@ function App(): React.ReactElement {
   }
 
   useEffect(() => {
+    // Check if session not exist. clear the user token from cookies
+    const storedSessionData = sessionStorage.getItem(constants.SESSION_LOGIN)
+    if (storedSessionData === null) {
+      removeUserToken()
+    }
     const storedValue = localStorage.getItem(constants.LOGGING_ENABLED)
     if (storedValue !== null) {
       setLoggingPref(storedValue === 'true')
diff --git a/src/constants.ts b/src/constants.ts
index 6fcf9103..89972ead 100644
--- a/src/constants.ts
+++ b/src/constants.ts
@@ -14,8 +14,10 @@ export const LOCAL_STORAGE_DB_KEY = 'rco-'
 export const DATE_FORMAT = 'yyyy-MM-dd'
 export const DATETIME_FORMAT = 'dd/MMM/yyyy HH:mm'
 export const TOKEN_KEY = 'rco-user'
-
 export const MUTATION_MODE = 'optimistic'
+// session storage value.
+export const SESSION_LOGIN = 'login'
+
 
 // major table/resource names
 export const R_USERS = 'user'
diff --git a/src/providers/authProvider/index.ts b/src/providers/authProvider/index.ts
index 697180fd..798b858e 100644
--- a/src/providers/authProvider/index.ts
+++ b/src/providers/authProvider/index.ts
@@ -44,7 +44,7 @@ const setToken = (token: string): void => {
   document.cookie = `${constants.TOKEN_KEY}=${token}; expires=${expires}; path=/ `
 }
 
-export const removeToken = (): void => {
+export const removeUserToken = (): void => {
   removeCookie(constants.TOKEN_KEY)
 }
 
@@ -144,6 +144,7 @@ const authProvider = (dataProvider: DataProvider): AuthProvider => {
         try {
           const res = await login({ password, staffNumber })
           await createUserToken(res.data.data, audit)
+          sessionStorage.setItem('login', 'true')
           return await Promise.resolve(res.data.data)
         } catch (error) {
           if (isAxiosError(error))
@@ -163,7 +164,7 @@ const authProvider = (dataProvider: DataProvider): AuthProvider => {
         securityRelated: null,
         activityDetail: null
       })
-      removeToken()
+      removeUserToken()
       await Promise.resolve()
     },
     checkAuth: async (): Promise<void> => {
@@ -176,7 +177,7 @@ const authProvider = (dataProvider: DataProvider): AuthProvider => {
     checkError: async (error): Promise<any> => {
       const status = error.status
       if (status === 401 || status === 403) {
-        removeToken()
+        removeUserToken()
         await Promise.reject(
           new Error('Server returned code ' + String(status))
         )
diff --git a/src/resources/users/UserForm.tsx b/src/resources/users/UserForm.tsx
index dd8400fc..52cf27cf 100644
--- a/src/resources/users/UserForm.tsx
+++ b/src/resources/users/UserForm.tsx
@@ -46,7 +46,7 @@ export default function UserForm({ isEdit }: FormProps): React.ReactElement {
 
   return (
     <SimpleForm
-      record={{ ...record, password: '' }}
+      record={{ ...record }}
       toolbar={<EditToolBar />}
       defaultValues={defaultValues}
       resolver={yupResolver(schema)}>