diff --git a/auth.py b/auth.py
index 847fd4c..747e4a4 100644
--- a/auth.py
+++ b/auth.py
@@ -171,16 +171,23 @@ def require_secret(f):
             if 'device_id' not in session:
                 session['device_id'] = os.urandom(32).hex()
 
-            # AUTO-JUMP FOR TOKENS - Disabled for now to debug
-            # try:
-            #     if args_token and is_valid_token(args_token):
-            #         token_item = decode_token(args_token)
-            #         target_foldername = token_item['folders'][0]['foldername']
-            #         # Mark session as modified to ensure it's saved before redirect
-            #         session.modified = True
-            #         return redirect(f"/path/{target_foldername}")
-            # except Exception as e:
-            #     print(f"Error during auto-jump: {e}")
+            # For token links, immediately open the single folder they grant access to.
+            if (
+                args_token
+                and request.method == 'GET'
+                and request.endpoint == 'index'
+                and is_valid_token(args_token)
+            ):
+                try:
+                    token_item = decode_token(args_token)
+                    folders = token_item.get('folders', [])
+                    if len(folders) == 1:
+                        target_foldername = folders[0].get('foldername')
+                        if target_foldername:
+                            session.modified = True  # ensure session persists before redirect
+                            return redirect(f"/path/{target_foldername}")
+                except Exception as e:
+                    print(f"Error during token auto-open: {e}")
 
             return f(*args, **kwargs)
         else:
@@ -472,4 +479,4 @@ if __name__ == '__main__':
     print("Token:", token)
 
     result = decode_token(token)
-    print("Decoded payload:", result)
\ No newline at end of file
+    print("Decoded payload:", result)