diff --git a/APPL/API/shorturl.asp b/APPL/API/shorturl.asp
index ee20e0200d..26a85e4809 100644
--- a/APPL/API/shorturl.asp
+++ b/APPL/API/shorturl.asp
@@ -47,6 +47,17 @@ __Log("== Entering shorturl.asp ==");
     }
 
     var keyparam = getQParamInt("k", -1);
+/*  // TODO: beschermen met hmac 
+    // Daarom nog niet geactiveerd
+    var locked_user_key = getQParamInt("locked_user_key", -1); 
+    if (locked_user_key > 0)
+    {
+        Session("locked_user_key") = locked_user_key;
+        var user_allowed = Session("locked_user_allowed");
+        Session("locked_user_allowed") = {};
+        Session("locked_user_allowed")[u] = keyparam; //  TODO: Array voor als je meerdere tabjes open hebt
+    }
+*/
     // For flexiblity reasons: Literal or runtime parameter(s), just pass through...
     var rest = String(Request.ServerVariables("QUERY_STRING")); // Request.ServerVariables("QUERY_STRING") is url-encoded,
                                                                 // dat is hier safer dan Request.QueryString
@@ -156,7 +167,7 @@ __Log("== Entering shorturl.asp ==");
     else
         var theURL = protectQS.create(url);
 
-    if (isKnownBookmark && !isMobile && getQParamInt("internal", 0) == 0)
+    if (locked_user_key < 0 && isKnownBookmark && !isMobile && getQParamInt("internal", 0) == 0)
     {
         Session("FirstPage") = theURL;
         theURL = rooturl + "/";