diff --git a/include/user_filter.h b/include/user_filter.h
index 938bbe2..16ca9a0 100644
--- a/include/user_filter.h
+++ b/include/user_filter.h
@@ -1,7 +1,6 @@
 #pragma once
 #include <drogon/HttpFilter.h>
 #include <libbase64.h>
-#include <array>
 #include "str_intrusion.h"
 #include "bank.h"
 
diff --git a/src/user_filter.cpp b/src/user_filter.cpp
index bc416b8..25e834c 100644
--- a/src/user_filter.cpp
+++ b/src/user_filter.cpp
@@ -14,7 +14,8 @@ void UserFilter<set_body_flag, require_admin>::doFilter(const HttpRequestPtr &re
         if (auth_header.substr(0, 6) == "Basic ")
         {
             std::string_view base64_input = auth_header.substr(6);
-            static char result_buffer[511]{0}; //(255 username + ':' + 255 password)
+            static thread_local char result_buffer[511]; //(255 username + ':' + 255 password)
+            std::memset(result_buffer, 0, 511);
             size_t new_sz;
             base64_decode(base64_input.data(), base64_input.size(), result_buffer, &new_sz, 0);
 
@@ -31,7 +32,6 @@ void UserFilter<set_body_flag, require_admin>::doFilter(const HttpRequestPtr &re
                         if (bank.VerifyPassword(username.str, password.str))
                         {
                             fccb();
-                            std::memset(result_buffer, 0, 511);
                             return;
                         }
                     }
@@ -46,12 +46,10 @@ void UserFilter<set_body_flag, require_admin>::doFilter(const HttpRequestPtr &re
                             req->setParameter("name", username.str);
                         }
                         fccb();
-                        std::memset(result_buffer, 0, 511);
                         return;
                     }
                 }
             }
-            std::memset(result_buffer, 0, 511);
         }
     }
     const auto &resp = HttpResponse::newCustomHttpResponse(BankResponse(k401Unauthorized, "\"Invalid Credentials\""));