diff --git a/lib/www/server/ws/index.js b/lib/www/server/ws/index.js
index c7a8f24..6452374 100644
--- a/lib/www/server/ws/index.js
+++ b/lib/www/server/ws/index.js
@@ -28,6 +28,10 @@ function start (server, pingInterval=30000) {
 jwt.checkValidCredentials({jwt: token}).then( decoded => {
 console.log("refreshJwt decoded JWT = ", decoded);
 if (decoded) {
+ // The connection is now authenticated.
+ // Let us remember this user's details
+ socket._jwt = decoded;
+
 console.log("Renewing JWT via websocket");
 delete decoded.exp;
 const token = jwt.issue(decoded);
@@ -41,11 +45,13 @@ function start (server, pingInterval=30000) {
 scheduleJwtRefresh(token);
 } else {
 console.warn("FAILED to decode JWT");
+ delete socket._jwt;
 }
 })
 .catch( err => {
 console.log("refreshJwt: Invalid credentials found");
 console.error(err);
+ delete socket._jwt;
 socket.close();
 });
 }
@@ -84,7 +90,11 @@ function start (server, pingInterval=30000) {
 listen(channels, (data) => {
 wsServer.clients.forEach( (socket) => {
- socket.send(JSON.stringify(data));
+ if (socket._jwt) {
+ // Only send notifications to authenticated users
+ // FIXME should implement authorisation control as in the API
+ socket.send(JSON.stringify(data));
+ }
 })
 });
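Review bot: `socket._jwt = decoded;` stores a reference rather than a copy, so the `delete decoded.exp;` two lines further down also removes `exp` from the claims kept on the socket. Any later code that reads `socket._jwt`, such as the authorisation check the FIXME in the last hunk anticipates, then has no expiry to test. Storing a shallow copy, `socket._jwt = {...decoded};`, keeps the verified claims intact while the renewal code goes on mutating `decoded`. The enclosing callback starts and ends outside this hunk.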
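Review bot: The two failure paths now behave differently: the `.catch` branch clears `socket._jwt` and calls `socket.close()`, while the `else` branch after `console.warn("FAILED to decode JWT")` clears it but leaves the connection open. If a falsy `decoded` means a rejected token, as the warning suggests, closing the socket there too would stop unauthenticated connections from lingering. If staying open is deliberate, a comment such as `// keep the socket open so the client can present a fresh token` would record that. The rest of the function is outside the hunk, so whether a retry path exists cannot be confirmed from here.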
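Review bot: The gate `if (socket._jwt)` tests only that the property is present, so a socket that authenticated once keeps receiving every notification until something clears it. In the visible hunks that happens only when a refresh attempt fails; if no further refresh is attempted, which cannot be ruled out from here, the socket stays trusted past its token's lifetime. Checking the stored expiry at send time, for example `if (socket._jwt && socket._jwt.exp * 1000 > Date.now())`, would bound that. It only works if the stored claims still carry `exp`, and as written the `delete decoded.exp;` in the first hunk removes it from the same object.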