Admins must re-enter their password before viewing or deleting an access token, adding an extra security layer to credential management. When tokens are deleted, the system clears all client-side cookies to ensure no active sessions remain. The profile page now hides the token by default until explicitly revealed, and a new Delete Tokens button allows administrators to revoke all tokens at once and automatically redirects them to the login page after cleanup.

When editing a template, the system updates owner/creator metadata only if the ownership is explicitly changed. Otherwise, existing relationships are preserved to maintain accurate template history without unintentionally overwriting ownership data.