diff --git a/api/src/database/seeds/01-tables/03-users.yaml b/api/src/database/seeds/01-tables/03-users.yaml
index 98e9b9d6eb..cc27841e9b 100644
--- a/api/src/database/seeds/01-tables/03-users.yaml
+++ b/api/src/database/seeds/01-tables/03-users.yaml
@@ -59,7 +59,7 @@ columns:
 token:
 type: string
 length: 255
- last_login:
+ last_access:
 type: timestamp
 last_page:
 type: string
diff --git a/api/src/middleware/authenticate.ts b/api/src/middleware/authenticate.ts
index 04c1b23eea..310e7c7e17 100644
--- a/api/src/middleware/authenticate.ts
+++ b/api/src/middleware/authenticate.ts
@@ -49,13 +49,9 @@ const authenticate: RequestHandler = asyncHandler(async (req, res, next) => {
 throw new InvalidCredentialsException();
 }
 
- /** @TODO verify user status */
-
 req.accountability.user = payload.id;
 req.accountability.role = user.role;
 req.accountability.admin = user.admin_access === true || user.admin_access == 1;
-
- return next();
 } else {
 // Try finding the user with the provided token
 const user = await database
@@ -77,13 +73,10 @@ const authenticate: RequestHandler = asyncHandler(async (req, res, next) => {
 req.accountability.admin = user.admin_access === true || user.admin_access == 1;
 }
 
- /**
- * @TODO
- * Implement static tokens
- *
- * @NOTE
- * We'll silently ignore wrong tokens. This makes sure we prevent brute-forcing static tokens
- */
+ if (req.accountability?.user) {
+ await database('directus_users').update({ last_access: new Date() }).where({ id: req.accountability.user });
+ }
+
 return next();
 });
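Review bot: The JWT branch still assigns `req.accountability.user`, `role` and `admin` without checking the account's status, and this hunk deletes the `/** @TODO verify user status */` marker without adding that check. Unless the user lookup above the hunk (not visible here) already filters on status, a token issued before an account was suspended would presumably keep authenticating until it expires. Either add the status check before the three assignments, or keep the gap recorded, for example `// NOTE(security): user status is not verified here yet; tokens of deactivated accounts are still accepted`. The handler begins and ends outside this hunk.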
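Review bot: The added `await database('directus_users').update({ last_access: new Date() })` sits on the path of every authenticated request, so each API call becomes a row write, and a failed or slow write presumably rejects or delays the request through `asyncHandler`. Consider making the update best-effort (catch and log its error rather than letting it propagate) and skipping it when the stored `last_access` is recent. The deleted block comment was also the only place stating that wrong static tokens are silently ignored; that behaviour is security-relevant and should stay documented above the `if`, e.g. `// Wrong static tokens are silently ignored: no error is returned for a failed token lookup`. The handler starts outside the hunk.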