diff --git a/pages/ajax.document.php b/pages/ajax.document.php
index 1dfa0752e..29818ef54 100644
--- a/pages/ajax.document.php
+++ b/pages/ajax.document.php
@@ -43,8 +43,7 @@ try
 	require_once(APPROOT.'/application/startup.inc.php');
 
 	require_once(APPROOT.'/application/loginwebpage.class.inc.php');
-	LoginWebPage::DoLoginEx(null /* any portal */, false);
-	
+
 	$oPage = new ajax_page("");
 	$oPage->no_cache();
 
@@ -54,6 +53,7 @@ try
 	switch($operation)
 	{
 		case 'download_document':
+			LoginWebPage::DoLoginEx(null /* any portal */, false);
 			$id = utils::ReadParam('id', '');
 			$sField = utils::ReadParam('field', '');
 			if ($sClass == 'Attachment')
@@ -78,6 +78,8 @@ try
 			break;
 
 		case 'download_inlineimage':
+			// No login is required because the "secret" protects us
+			// Benefit: the inline image can be inserted into any HTML (templating = $this->html(public_log)$)
 			$id = utils::ReadParam('id', '');
 			$sSecret = utils::ReadParam('s', '');
 			$iCacheSec = 31556926; // One year ahead: an inline image cannot change