diff --git a/src/node/db/SecurityManager.js b/src/node/db/SecurityManager.js
index 4289e39c..d3a98446 100644
--- a/src/node/db/SecurityManager.js
+++ b/src/node/db/SecurityManager.js
@@ -27,6 +27,8 @@ var padManager = require("./PadManager");
 var sessionManager = require("./SessionManager");
 var settings = require("../utils/Settings");
 var randomString = require('ep_etherpad-lite/static/js/pad_utils').randomString;
+var log4js = require('log4js');
+var authLogger = log4js.getLogger("auth");
 
 /**
  * This function controlls the access to a pad, it checks if the user can access a pad.
@@ -117,14 +119,17 @@ exports.checkAccess = function (padID, sessionCookie, token, password, callback)
         //get information about all sessions contained in this cookie
         function(callback)
         {
-          if (!sessionCookie) {
+          if (!sessionCookie)
+          {
             callback();
             return;
           }
           
           var sessionIDs = sessionCookie.split(',');
-          async.forEach(sessionIDs, function(sessionID, callback) {
-            sessionManager.getSessionInfo(sessionID, function(err, sessionInfo) {
+          async.forEach(sessionIDs, function(sessionID, callback)
+          {
+            sessionManager.getSessionInfo(sessionID, function(err, sessionInfo)
+            {
               //skip session if it doesn't exist
               if(err && err.message == "sessionID does not exist") return;
               
@@ -133,13 +138,17 @@ exports.checkAccess = function (padID, sessionCookie, token, password, callback)
               var now = Math.floor(new Date().getTime()/1000);
               
               //is it for this group?
-              if(sessionInfo.groupID != groupID) {
+              if(sessionInfo.groupID != groupID)
+              {
+                authLogger.debug("Auth failed: wrong group");
             	  callback();
             	  return;
               }
               
               //is validUntil still ok?
-              if(sessionInfo.validUntil <= now){
+              if(sessionInfo.validUntil <= now)
+              {
+                authLogger.debug("Auth failed: validUntil");
             	  callback();
             	  return;
               }
@@ -234,7 +243,11 @@ exports.checkAccess = function (padID, sessionCookie, token, password, callback)
         //--> grant access
         statusObject = {accessStatus: "grant", authorID: sessionAuthor};
         //--> deny access if user isn't allowed to create the pad
-        if(settings.editOnly) statusObject.accessStatus = "deny";
+        if(settings.editOnly)
+        {
+          authLogger.debug("Auth failed: valid session & pad does not exist");
+          statusObject.accessStatus = "deny";
+        }
       }
       // there is no valid session avaiable AND pad exists
       else if(!validSession && padExists)
@@ -266,6 +279,7 @@ exports.checkAccess = function (padID, sessionCookie, token, password, callback)
         //- its not public
         else if(!isPublic)
         {
+          authLogger.debug("Auth failed: invalid session & pad is not public");
           //--> deny access
           statusObject = {accessStatus: "deny"};
         }
@@ -277,6 +291,7 @@ exports.checkAccess = function (padID, sessionCookie, token, password, callback)
       // there is no valid session avaiable AND pad doesn't exists
       else
       {
+         authLogger.debug("Auth failed: invalid session & pad does not exist");
          //--> deny access
          statusObject = {accessStatus: "deny"};
       }