diff --git a/login b/login
new file mode 100755
index 0000000..5a36a96
Binary files /dev/null and b/login differ
diff --git a/main.go b/main.go
index edbfb40..45aedb7 100644
--- a/main.go
+++ b/main.go
@@ -200,6 +200,14 @@ func VerifyCode(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
 return
 }
+ // Delete nonce
+ _, err = redisClient.Del(req.Code + "nonce").Result()
+ if err != nil {
+ http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+ return
+ }
+
+ // Check nonce
 if req.Nonce != storedNonce {
 http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)
 return
@@ -212,6 +220,13 @@ func VerifyCode(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
 return
 }
+ // Delete stored phone number
+ _, err = redisClient.Del(req.Code + "phone").Result()
+ if err != nil {
+ http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+ return
+ }
+
 // Generate (potential) User ID
 userHex, err := RandomHex()
 if err != nil {
@@ -289,11 +304,26 @@ func CreateUser(w http.ResponseWriter, r *http.Request, p httprouter.Params) {
 return
 }
+ // Delete nonce
+ _, err = redisClient.Del(code + "nonce").Result()
+ if err != nil {
+ http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+ return
+ }
+
+ // Check nonce
 if nonce != storedNonce {
 http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
 return
 }
+
+ // Delete phone number
+ _, err = redisClient.Del(code + "phone").Result()
+ if err != nil {
+ http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+ return
+ }
+
 proxyReq, err := http.NewRequest(r.Method, coreURL, r.Body)
 if err != nil {
 http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
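Review bot: The deleted-key count that `Del` returns is discarded with `_` on the new `_, err = redisClient.Del(req.Code + "nonce").Result()` line, which leaves the single-use guarantee racy: two requests that both read `storedNonce` (fetched above this hunk) before either deletes it will both pass the `req.Nonce != storedNonce` check. Redis `DEL` reports how many keys it actually removed, so treating a count of 0 as "already consumed" closes that window without needing a Lua script or a transaction. A request whose nonce does not match still leaves the `req.Code + "phone"` key behind, since that key is only removed later in the function after the comparison succeeds, so deleting both keys here, ahead of the comparison, would be simpler and keep their lifetimes in step. The comparison itself is a plain `!=`; `subtle.ConstantTimeCompare` is the usual choice for secret material, though that line is not part of this change. VerifyCode continues outside the hunk on both sides.
```go
	// Delete nonce. Del reports how many keys it removed; 0 means a
	// concurrent request already consumed this code, so it must not pass.
	deleted, err := redisClient.Del(req.Code + "nonce").Result()
	if err != nil {
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}
	if deleted == 0 {
		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)
		return
	}
	// … unchanged: nonce comparison …
```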
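Review bot: The phone key is removed only on the success path, so the earlier nonce-mismatch return in VerifyCode (the 404 branch above this hunk) never reaches the new `_, err = redisClient.Del(req.Code + "phone").Result()` line and the stored phone number outlives its code unless the key carries a TTL, which is not visible here. Moving this delete next to the nonce delete, ahead of the comparison, removes that orphan and keeps the two keys' lifetimes in step. As with the nonce delete, the count returned by `Del` is dropped with `_`; it matters less once the nonce has been consumed, but `deleted, err := redisClient.Del(req.Code + "phone").Result()` keeps the two sites symmetric and makes a vanished key observable. Note also that the code is burned before `RandomHex()` runs, so any failure below forces the user to request a fresh code; if that is intended it deserves a comment, e.g. `// Code is consumed here; any failure below requires a new code.`. VerifyCode continues outside the hunk on both sides.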
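Review bot: Both keys are deleted before the request is proxied to `coreURL` on the last visible lines, so a transient failure of that upstream call (handled below, outside the hunk) leaves the user with a consumed code and no account; if that trade-off is intended it deserves a comment such as `// Code and phone are consumed before the upstream call; a failed proxy requires a new code.`, otherwise the phone delete could wait until the proxy response has been checked. Independently, `_, err = redisClient.Del(code + "nonce").Result()` drops the deleted-key count, so two concurrent requests that both loaded `storedNonce` can both pass the `nonce != storedNonce` check; `deleted, err := redisClient.Del(code + "nonce").Result()` followed by rejecting with 401 when `deleted == 0` makes the nonce genuinely single-use. A mismatch here answers 401 while the same condition in VerifyCode answers 404; the new `// Check nonce` comment labels both, so picking one status for both sites would be consistent. CreateUser continues outside the hunk on both sides.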