diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index bb82b0ac7e3..f189c90da72 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -504,6 +504,8 @@ if (!defined('NOTOKENRENEWAL') && !defined('NOSESSION')) {
 $token = dol_hash(uniqid(mt_rand(), false), 'md5'); // Generates a hash of a random number. We don't need a secured hash, just a changing random value.
 $_SESSION['newtoken'] = $token;
 dol_syslog("NEW TOKEN generated by : ".$_SERVER['PHP_SELF'], LOG_DEBUG);
+ // TODO Warning, if a user succeed in entering a data from a public page, he can enter a link that make a token regeneration making
+ // the use of the backoffice no more possible !
 }
 }
 }
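Review bot: The added TODO records a denial-of-service risk but is hard to act on as written, because it names neither the request that triggers the renewal nor a direction for the fix. From the visible lines, any request reaching this branch without `NOTOKENRENEWAL` or `NOSESSION` defined overwrites `$_SESSION['newtoken']`, so a URL stored from a public page could presumably invalidate the token of a back-office form that is already open. I would reword it to `// TODO Token-renewal DoS: a URL stored from a public page and loaded in the back office renews the token and invalidates forms already open.` followed by `// Possible fix: define NOTOKENRENEWAL on pages that are loaded as sub-resources.` Separately, if this token is the anti-CSRF value, `uniqid(mt_rand(), false)` on the context line above is predictable, and `bin2hex(random_bytes(16))` would be the safer source. The enclosing `if` blocks open before the hunk, so the full renewal conditions are not visible here.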