diff --git a/composer.json b/composer.json
index 58721b2..6f48723 100644
--- a/composer.json
+++ b/composer.json
@@ -37,5 +37,13 @@
  },
  "require": {
  "newfold-labs/wp-module-data": ">=2.1"
+ },
+ "require-dev": {
+ "newfold-labs/wp-php-standards": "^1.2"
+ },
+ "config": {
+ "allow-plugins": {
+ "dealerdirect/phpcodesniffer-composer-installer": true
+ }
  }
  }
diff --git a/includes/SSO_Helpers_Legacy.php b/includes/SSO_Helpers_Legacy.php
index 14dfa6c..e87fcee 100644
--- a/includes/SSO_Helpers_Legacy.php
+++ b/includes/SSO_Helpers_Legacy.php
@@ -22,6 +22,9 @@ public static function handleLegacyLogin( $nonce, $salt ) {
  exit;
  }
 
+ $has_epoch = preg_match( '/-e(\d+)$/', $nonce, $epoch );
+ $expired = ( $has_epoch && ( time() - $epoch[1] ) > 300 ) ? true : false;
+
  // Too many failed attempts
  if ( self::shouldThrottle() ) {
  self::triggerFailure();
@@ -36,8 +39,13 @@ public static function handleLegacyLogin( $nonce, $salt ) {
  }
 
  // Validate token
- $token = substr( base64_encode( hash( 'sha256', $nonce . $salt, false ) ), 0, 64 );
- if ( get_transient( 'sso_token' ) !== $token ) {
+ $token = substr( base64_encode( hash( 'sha256', $nonce . $salt, false ) ), 0, 64 );
+ $stored_token = get_transient( 'sso_token' );
+ if ( false === $stored_token ) {
+ $stored_token = get_option( 'sso_token' );
+ delete_option( 'sso_token' );
+ }
+ if ( $expired || $stored_token !== $token ) {
  self::triggerFailure();
  exit;
  }
@@ -69,7 +77,12 @@ public static function getUser() {
 
  // If user wasn't found, find first admin user
  if ( ! $user ) {
- $users = get_users( array( 'role' => 'administrator', 'number' => 1 ) );
+ $users = get_users(
+ array(
+ 'role' => 'administrator',
+ 'number' => 1,
+ )
+ );
  if ( isset( $users[0] ) && is_a( $users[0], 'WP_User' ) ) {
  $user = $users[0];
  }
@@ -77,5 +90,4 @@ public static function getUser() {
 
  return $user;
  }
-
  }
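Review bot: The new `allow-plugins` entry grants `dealerdirect/phpcodesniffer-composer-installer` code execution at install time, yet that package is not declared in this file, so it presumably arrives transitively through `newfold-labs/wp-php-standards` (inferred, not visible here). For a dev-only linter that is an acceptable trade-off, but the plugin's resolved version should be pinned by a committed lock file so an upstream release change cannot silently alter what runs on `composer install`. Nothing else in this hunk needs changing.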
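Review bot: The expiry check in `$expired = ( $has_epoch && ... )` only applies when the nonce ends in `-e<digits>`, so a nonce without that suffix is never considered expired; if every issuer now appends the epoch, fail closed with `$expired = ! $has_epoch || ( time() - (int) $epoch[1] ) > 300;`, otherwise add a comment stating why suffix-less legacy nonces remain valid indefinitely. The `? true : false` is redundant and `$epoch[1]` is a string, so cast it with `(int)` to make the arithmetic explicit. The `$` anchor in `'/-e(\d+)$/'` also matches before a trailing newline; `\z` is stricter if the nonce arrives from a request parameter. Because the full `$nonce` is hashed into the token below, the epoch suffix cannot be altered independently of the token, which is the right binding. handleLegacyLogin begins before this hunk.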
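Review bot: The comparison `$stored_token !== $token` is not constant-time, and `$stored_token` can be `false` when neither the transient nor the option exists; replace the condition with `if ( $expired || ! is_string( $stored_token ) || ! hash_equals( $stored_token, $token ) ) {`. The `get_option( 'sso_token' )` fallback also carries no TTL, unlike the transient, so a token left in the option is bounded only by the epoch check, which the earlier hunk skips for nonces without an `-e` suffix. Whether the transient is consumed on the success path lies outside this hunk; if it is not, a valid token remains replayable for its remaining lifetime. handleLegacyLogin begins before and continues after this hunk.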