diff --git a/source/net/yacy/http/Jetty8YaCySecurityHandler.java b/source/net/yacy/http/Jetty8YaCySecurityHandler.java
index 1acc2e682..1cf756fb1 100644
--- a/source/net/yacy/http/Jetty8YaCySecurityHandler.java
+++ b/source/net/yacy/http/Jetty8YaCySecurityHandler.java
@@ -87,9 +87,11 @@ public class Jetty8YaCySecurityHandler extends ConstraintSecurityHandler {
 protectedPage = pathInContext.startsWith("/solr/") || pathInContext.startsWith("/gsa/");
 }
 //final boolean accountEmpty = adminAccountBase64MD5.length() == 0;
-
- if (protectedPage) { // TODO: none public site
- if (!grantedForLocalhost) {
+
+ if (protectedPage) {
+ if (grantedForLocalhost) {
+ return null; // quick return for local admin
+ } else {
 RoleInfo roleinfo = new RoleInfo();
 roleinfo.setChecked(true); // RoleInfo.setChecked() : in Jetty this means - marked to have any security constraint
 roleinfo.addRole(AccessRight.ADMIN_RIGHT.toString()); // use AccessRights as role
diff --git a/source/net/yacy/http/servlets/YaCyDefaultServlet.java b/source/net/yacy/http/servlets/YaCyDefaultServlet.java
index decafa66d..c5de34758 100644
--- a/source/net/yacy/http/servlets/YaCyDefaultServlet.java
+++ b/source/net/yacy/http/servlets/YaCyDefaultServlet.java
@@ -223,7 +223,7 @@ public class YaCyDefaultServlet extends HttpServlet {
 protected void doGet(HttpServletRequest request, HttpServletResponse response)
 throws ServletException, IOException {
 String servletPath;
- String pathInfo;
+ String pathInfo;
 Enumeration reqRanges = null;
 boolean included = request.getAttribute(RequestDispatcher.INCLUDE_REQUEST_URI) != null;
 if (included) {
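Review bot: In Jetty8YaCySecurityHandler the new `return null;` taken when `grantedForLocalhost` is true hands Jetty no RoleInfo at all, so every path matched by `protectedPage` (the visible line includes `/solr/` and `/gsa/`) is served with no constraint whenever that flag is set. How `grantedForLocalhost` is computed lies outside this hunk; if it rests on the connection's peer address, requests relayed by a reverse proxy or tunnel on the same host would presumably count as local too, so that derivation deserves a check and a comment at this spot, for example `// null RoleInfo = no constraint applied; safe only if grantedForLocalhost reflects the direct peer, not a proxied client`. The `else` after the return is redundant and could be dropped so the RoleInfo setup stays one indent level shallower. The enclosing method starts and ends outside the hunk.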
@@ -644,6 +644,13 @@ public class YaCyDefaultServlet extends HttpServlet {
 legacyRequestHeader.put(HeaderFramework.CONNECTION_PROP_PATH, target);
 legacyRequestHeader.put(HeaderFramework.CONNECTION_PROP_EXT, targetExt);
+ // for userDB user legacyRequest expect login in Cookie (add one)
+ if (request.getUserPrincipal() != null) {
+ String userpassEncoded = request.getHeader("Authorization"); // e.g. "Basic xxXXxxXXxxXX"
+ if (userpassEncoded != null) {
+ legacyRequestHeader.setCookie("login", userpassEncoded);
+ }
+ }
 return legacyRequestHeader;
 }
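Review bot: The added block copies the raw `Authorization` header into the `login` cookie without checking its scheme, although the inline comment assumes `Basic`; a guard such as `if (userpassEncoded != null && userpassEncoded.regionMatches(true, 0, "Basic ", 0, 6))` would keep other schemes out of the legacy path. The value is a reusable credential (base64 of user and password), and it now sits in a second field of `legacyRequestHeader`, so any code that logs, dumps or echoes that object's cookies would expose it; a comment saying so belongs next to the `setCookie` call. Whether the legacy userDB check expects the `Basic ` prefix inside the cookie value, and whether `setCookie` replaces cookies the client sent, cannot be seen from this hunk and should be confirmed. The enclosing method starts outside the hunk.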