diff --git a/.env.production b/.env.production
index ed96328..ab95a70 100644
--- a/.env.production
+++ b/.env.production
@@ -1,4 +1,6 @@
 DATABASE=FreePlanet
+UDB=paofreeplanet
+PDB=suerteFreePlanet@1A
 SEND_EMAIL=1
 PORT=3000
 URLBASE_APP1=https://freeplanet.app
diff --git a/server/db/mongoose.js b/server/db/mongoose.js
index 8992146..41b82b1 100644
--- a/server/db/mongoose.js
+++ b/server/db/mongoose.js
@@ -10,7 +10,17 @@ mongoose.plugin(schema => {
 
 mongoose.set('debug', false);
 
-mongoose.connect(process.env.MONGODB_URI, { useMongoClient: true, promiseLibrary: require('bluebird') })
+var options = {
+  // user: process.env.UDB,
+  // pass: process.env.PDB,
+  useMongoClient: true,
+  promiseLibrary: require('bluebird')
+};
+
+
+
+// mongoose.connect(process.env.MONGODB_URI + '?authSource=admin', { options })
+mongoose.connect(process.env.MONGODB_URI, { options })
   .then(() =>
     console.log('connection succesful ' + process.env.MONGODB_URI + ' db: ' + process.env.DATABASE)
   )
diff --git a/server/middleware/authenticate.js b/server/middleware/authenticate.js
index 1b0b81a..93fd966 100644
--- a/server/middleware/authenticate.js
+++ b/server/middleware/authenticate.js
@@ -5,18 +5,19 @@ const tools = require('../tools/general');
 var authenticate = (req, res, next) => {
   var token = req.header('x-auth');
 
-  // console.log("TOKEN = " + token);
+  tools.mylogshow("TOKEN = " + token);
 
   User.findByToken(token).then((user) => {
-    // tools.mylogshow('userid', user._id)
     if (!user) {
       return Promise.reject();
     }
+    tools.mylogshow('userid', user._id)
 
     req.user = user;
     req.token = token;
     next();
   }).catch((e) => {
+    tools.mylogshow("ERR = " + e);
     res.status(401).send();
   });
 };
diff --git a/server/router/index_router.js b/server/router/index_router.js
index dc93d71..2b288b3 100644
--- a/server/router/index_router.js
+++ b/server/router/index_router.js
@@ -92,7 +92,7 @@ router.post(process.env.LINK_UPDATE_PASSWORD, (req, res) => {
 
         // Salva lo User
         user.save().then(() => {
-          res.header('x-auth', token).send(user);   // Ritorna il token di ritorno
+          res.header('x-auth', token).send({user});   // Ritorna il token di ritorno
         });
       })
     }
diff --git a/server/router/todos_router.js b/server/router/todos_router.js
index 7360f16..78aafc6 100644
--- a/server/router/todos_router.js
+++ b/server/router/todos_router.js
@@ -32,8 +32,9 @@ router.post('/', authenticate, (req, res) => {
     return res.status(400).send({ code: server_constants.RIS_CODE_LOGIN_ERR_GENERIC });
   }
 
-  if (todo.userId !== String(req.user._id)) {
+  if (String(todo.userId) !== String(req.user._id)) {
     // I'm trying to write something not mine!
+    tools.mylog('todo.userId = ', todo.userId, 'req.user._id', req.user._id)
     return res.status(404).send({ code: server_constants.RIS_CODE_TODO_CREATING_NOTMYUSER });
   }
 
@@ -46,9 +47,13 @@ router.post('/', authenticate, (req, res) => {
 
   sendNotificationToUser(todo.userId, 'New Todo', 'New Todo added!', '/' + todo.category, 'todo');
 
-  todo.save().then((doc) => {
-    // tools.mylogshow('ID SAVED :', doc._id)
-    res.send(doc);
+  todo.save().then((writeresult) => {
+    let idobj = writeresult._id;
+    Todo.findById(idobj)
+      .then(record => {
+        tools.mylog('REC SAVED :', record);
+        res.send({record});
+      })
   }).catch((e) => {
     console.log(e.message);
     res.status(400).send(e);
@@ -160,7 +165,7 @@ router.patch('/:id', authenticate, (req, res) => {
 router.get('/:userId', authenticate, (req, res) => {
   var userId = req.params.userId;
 
-  // tools.mylogshow('GET : ', req.params);
+  tools.mylog('GET : ', req.params);
 
   if (!ObjectID.isValid(userId)) {
     return res.status(404).send();
@@ -173,7 +178,7 @@ router.get('/:userId', authenticate, (req, res) => {
 
   // Extract all the todos of the userId only
   Todo.findAllByUserId(userId).then((todos) => {
-    // tools.mylogshow('todos', todos)
+    tools.mylog('todos', todos)
     res.send({ todos });
   }).catch((e) => {
     console.log(e);
diff --git a/server/router/users_router.js b/server/router/users_router.js
index c8d6b59..f9ce974 100644
--- a/server/router/users_router.js
+++ b/server/router/users_router.js
@@ -99,11 +99,11 @@ router.post('/login', (req, res) => {
           usertosend.verified_email = user.verified_email;
 
           // tools.mylog("user.verified_email:" + user.verified_email);
-          // tools.mylog("usertosend.userId", usertosend.userId);
+          tools.mylog("usertosend.userId", usertosend.userId);
 
           // tools.mylog("usertosend:");
           // tools.mylog(usertosend);
-          res.header('x-auth', token).send(usertosend);
+          res.header('x-auth', token).send({usertosend, code: server_constants.RIS_CODE_OK});
           // tools.mylog("TROVATOOO!");
         });
       }
diff --git a/server/server.js b/server/server.js
index 5e322af..7ea8da4 100644
--- a/server/server.js
+++ b/server/server.js
@@ -81,11 +81,11 @@ app.use('/todos', todos_router);
 app.use('/users', users_router);
 
 // catch 404 and forward to error handler
-app.use(function (req, res, next) {
-  var err = new Error('Not Found');
-  err.status = 404;
-  next(err);
-});
+// app.use(function (req, res, next) {
+//   var err = new Error('Not Found');
+//   err.status = 404;
+//   next(err);
+// });
 
 
 // app.set('views', path.join(__dirname, 'views'));