diff --git a/core/api/account.coffee b/core/api/account.coffee
index 5af1ec4..e22cc0c 100644
--- a/core/api/account.coffee
+++ b/core/api/account.coffee
@@ -34,7 +34,7 @@ module.exports =
             return res.json 400, error: 'email_exist'
 
           mAccount.register req.body.username, req.body.email, req.body.passwd, (account) ->
-            mAccount.createToken {}, (token)->
+            mAccount.createToken account, {}, (token)->
               res.cookie 'token', token,
                 expires: new Date(Date.now() + config.account.cookie_time)
 
@@ -49,7 +49,7 @@ module.exports =
         unless mAccount.matchPasswd account, req.body.passwd
           return res.json 400, error: 'auth_failed'
 
-        mAccount.createToken {}, (token) ->
+        mAccount.createToken account, {}, (token) ->
           res.cookie 'token', token,
             expires: new Date(Date.now() + config.account.cookie_time)
 
diff --git a/core/model/account.coffee b/core/model/account.coffee
index fc4eab2..44a0b5b 100644
--- a/core/model/account.coffee
+++ b/core/model/account.coffee
@@ -11,6 +11,7 @@ exports.register = (username, email, passwd, callback = null) ->
   passwd_salt = auth.randomSalt()
 
   exports.insert
+    _id: db.ObjectID()
     username: username
     passwd: auth.hashPasswd(passwd, passwd_salt)
     passwd_salt: passwd_salt
@@ -24,7 +25,7 @@ exports.register = (username, email, passwd, callback = null) ->
     callback(result) if callback
 
 # @param callback(token)
-exports.createToken = (attribute, callback) ->
+exports.createToken = (account, attribute, callback) ->
   # @param callback(token)
   generateToken = (callback) ->
     token = auth.randomSalt()
@@ -38,7 +39,7 @@ exports.createToken = (attribute, callback) ->
         callback token
 
   generateToken (token) ->
-    exports.update
+    exports.update _id: account._id,
       $push:
         tokens:
           token: token