diff --git a/debian/tests/runner b/debian/tests/runner index cc7f10778..b703da33f 100755 --- a/debian/tests/runner +++ b/debian/tests/runner @@ -12,7 +12,7 @@ LLSOURCEDIR=`pwd` LIST=$2 -test "$LIST" == "" 2>/dev/null && LIST=lemonldap-ng-* +test "$LIST" = "" 2>/dev/null && LIST=lemonldap-ng-* EXITCODE=0 for LLLIB in $LIST; do diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/ServiceToken.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/ServiceToken.pm index 7a0ed4e0c..bd0259b44 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/ServiceToken.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/ServiceToken.pm @@ -14,21 +14,21 @@ sub fetchId { # Decrypt token my $s = $class->tsv->{cipher}->decrypt($token); - # Token format: - # time:_session_id:vhost1:vhost2,... +# Token format: +# time:_session_id:vhost1:vhost2:serviceHeader1=value1:serviceHeader2=value2,... my ( $t, $_session_id, @vhosts ) = split /:/, $s; - # Search if XFromVH is defined + # Looking for service headers my $vh = $class->resolveAlias($req); - my $XFromVH; - my @XFromVH = grep { $_ =~ s/^XFromVH=([\w-.]+)/$1/ } @vhosts; - if (@XFromVH) { - $XFromVH = $XFromVH[0]; - $class->logger->debug("Found XFromVH -> $XFromVH"); - $class->headersInit( undef, - { $vh => { 'XFromVH' => "qw($XFromVH)" } } ); - @vhosts = map { $_ =~ /^XFromVH=[\w-.]+/ ? () : $_ } @vhosts; - } + my %serviceHeaders; + @vhosts = grep { + if (/^([\w\-]+)=(.+)$/) { + $serviceHeaders{$1} = $2; + $class->logger->debug( "Found service header: $1 => $2"); + 0; + } + else { 1 } + } @vhosts; # $_session_id and at least one vhost unless ( @vhosts and $_session_id ) { @@ -54,6 +54,11 @@ sub fetchId { return 0; } + if (%serviceHeaders) { + $class->logger->debug("Append service header(s)..."); + $class->set_header_out( $req, %serviceHeaders ); + } + return $_session_id; } 
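Review bot: The new `grep` block in `fetchId` treats every `name=value` segment of the decrypted token as a header: the name is any `[\w\-]+` and the value is `(.+)`, which admits control characters such as a carriage return. Both are then passed to `set_header_out` in the `@@ -54,6 +54,11 @@` hunk and written to the debug log. Whoever can produce a valid token can therefore choose arbitrary header names, so the cipher key is the only boundary; restricting the value to header-safe characters, e.g. `if (/\A([\w\-]+)=([\x20-\x7e]+)\z/) {`, and checking names against a configured allow-list would narrow that. Consider logging only the header name at debug level, since the values come from the token. `fetchId` starts and ends outside these hunks, so whether a service header can collide with an exported header is not visible here.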
diff --git a/lemonldap-ng-handler/t/65-Lemonldap-NG-Handler-PSGI-ServiceToken.t b/lemonldap-ng-handler/t/65-Lemonldap-NG-Handler-PSGI-ServiceToken.t index fae4e3e5f..2f27d5865 100644 --- a/lemonldap-ng-handler/t/65-Lemonldap-NG-Handler-PSGI-ServiceToken.t +++ b/lemonldap-ng-handler/t/65-Lemonldap-NG-Handler-PSGI-ServiceToken.t @@ -7,7 +7,7 @@ BEGIN { init( 'Lemonldap::NG::Handler::Server', { - logLevel => 'debug', + logLevel => 'error', handlerServiceTokenTTL => 2, vhostOptions => { 'test1.example.com' => { @@ -23,15 +23,22 @@ init( vhostServiceTokenTTL => 5, } }, + exportedHeaders => { + 'test2.example.com' => { + 'Auth-User' => '$uid', + }, + } } ); my $res; my $crypt = Lemonldap::NG::Common::Crypto->new('qwertyui'); -my $token = - $crypt->encrypt( join ':', time, $sessionId, 'test1.example.com', - 'XFromVH=app1-auth.example.com', - 'test2.example.com', '*.example.com' ); +my $token = $crypt->encrypt( + join ':', time, + $sessionId, 'test1.example.com', + 'XFromVH=app1-auth.example.com', 'serviceHeader1=service_Header1', + 'test2.example.com', '*.example.com' +); ok( $res = $client->_get( @@ -44,6 +51,14 @@ ok( ok( $res->[0] == 200, 'Code is 200' ) or explain( $res->[0], 200 ); count(2); +my @headers = grep { /service/ } @{ $res->[1] }; +my @values = grep { /\.example\.com/ } @{ $res->[1] }; +ok( @headers == 4, 'Found 4 service headers' ) + or print STDERR Data::Dumper::Dumper( $res->[1] ); +ok( @values == 2, 'Found 2 service header values' ) + or print STDERR Data::Dumper::Dumper( $res->[1] ); +count(2); + diag 'Waiting'; sleep 2; 
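Review bot: The assertions added after the first request, `ok( @headers == 4, ... )` and `ok( @values == 2, ... )`, count regex matches over the flat header list, so names and values are mixed and the expected numbers cannot be derived from the token, which carries one `serviceHeader1=service_Header1` segment and one `XFromVH` segment. A comment stating why 4 and 2 are expected, plus a check of the specific pair such as `my %h = @{ $res->[1] }; ok( $h{serviceHeader1} eq 'service_Header1', 'serviceHeader1 value' );` (assuming the name is emitted unchanged), would make a regression visible. The same pattern repeats in the `@@ -58,6 +73,14 @@` and `@@ -86,6 +114,14 @@` hunks and in the 'NONE service header found' checks, so a small helper would remove the duplication. The new `exportedHeaders` entry for `test2.example.com` is not asserted in any visible hunk, and no case shows that a malformed segment (for example a value holding a control character) is rejected.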
@@ -58,6 +73,14 @@ ok( ok( $res->[0] == 200, 'Code is 200' ) or explain( $res->[0], 200 ); count(2); +@headers = grep { /service/ } @{ $res->[1] }; +@values = grep { /\.example\.com/ } @{ $res->[1] }; +ok( @headers == 4, 'Found 4 service headers' ) + or print STDERR Data::Dumper::Dumper( $res->[1] ); +ok( @values == 2, 'Found 2 service header values' ) + or print STDERR Data::Dumper::Dumper( $res->[1] ); +count(2); + diag 'Waiting'; sleep 1; @@ -72,6 +95,11 @@ ok( ok( $res->[0] == 302, 'Code is 200' ) or explain( $res->[0], 302 ); count(2); +@headers = grep { /service/ } @{ $res->[1] }; +ok( @headers == 0, 'NONE service header found' ) + or print STDERR Data::Dumper::Dumper( $res->[1] ); +count(1); + diag 'Waiting'; sleep 1; @@ -86,6 +114,14 @@ ok( ok( $res->[0] == 200, 'Code is 200' ) or explain( $res->[0], 200 ); count(2); +@headers = grep { /service/ } @{ $res->[1] }; +@values = grep { /\.example\.com/ } @{ $res->[1] }; +ok( @headers == 4, 'Found 4 service headers' ) + or print STDERR Data::Dumper::Dumper( $res->[1] ); +ok( @values == 2, 'Found 2 service header values' ) + or print STDERR Data::Dumper::Dumper( $res->[1] ); +count(2); + diag 'Waiting'; sleep 1; @@ -100,6 +136,11 @@ ok( ok( $res->[0] == 302, 'Code is 302' ) or explain( $res->[0], 302 ); count(2); +@headers = grep { /service/ } @{ $res->[1] }; +ok( @headers == 0, 'NONE service header found' ) + or print STDERR Data::Dumper::Dumper( $res->[1] ); +count(1); + ok( $res = $client->_get( '/', undef, 'test3.example.com', undef, @@ -111,6 +152,11 @@ ok( ok( $res->[0] == 302, 'Code is 302' ) or explain( $res->[0], 302 ); count(2); +@headers = grep { /service/ } @{ $res->[1] }; +ok( @headers == 0, 'NONE service header found' ) + or print STDERR Data::Dumper::Dumper( $res->[1] ); +count(1); + $token = $crypt->encrypt( join ':', time, $sessionId, '' ); ok( $res = $client->_get( 
@@ -123,6 +169,11 @@ ok( ok( $res->[0] == 302, 'Code is 302' ) or explain( $res->[0], 302 ); count(2); +@headers = grep { /service/ } @{ $res->[1] }; +ok( @headers == 0, 'NONE service header found' ) + or print STDERR Data::Dumper::Dumper( $res->[1] ); +count(1); + done_testing( count() ); clean(); diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm index fd41ffaf9..d95bd8abb 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Process.pm @@ -356,6 +356,9 @@ sub setSessionInfo { if $self->conf->{timeoutActivity}; } + # Currently selected language + $req->{sessionInfo}->{_language} = $req->cookies->{llnglanguage} || 'en'; + # Store URL origin in session $req->{sessionInfo}->{_url} = $req->{urldc}; diff --git a/lemonldap-ng-portal/t/04-language-selection.t b/lemonldap-ng-portal/t/04-language-selection.t new file mode 100644 index 000000000..b697daccf --- /dev/null +++ b/lemonldap-ng-portal/t/04-language-selection.t 
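Review bot: The line added to `setSessionInfo` copies the client-supplied `llnglanguage` cookie into `$req->{sessionInfo}->{_language}` without validation, so whatever the browser sends is persisted in the session and may later reach rules, exported headers or templates. Constrain it to a language-tag shape before storing, e.g. `my ($lang) = ( $req->cookies->{llnglanguage} // '' ) =~ /\A([A-Za-z]{2,3}(?:[-_][A-Za-z0-9]{2,8})?)\z/;` followed by `$req->{sessionInfo}->{_language} = $lang || 'en';`, or check it against the configured language list if one is in scope. `setSessionInfo` begins and ends outside the hunk, so the surrounding handling is not visible here.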
@@ -0,0 +1,70 @@
+use Test::More;
+use strict;
+use IO::String;
+
+BEGIN {
+ require 't/test-lib.pm';
+}
+
+my ( $client, $res, $id );
+
+$client = LLNG::Manager::Test->new(
+ { ini => { logLevel => 'error', restSessionServer => 1, useSafeJail => 1 }, } );
+
+# Try to authenticate
+# -------------------
+ok(
+ $res = $client->_post(
+ '/',
+ IO::String->new('user=dwho&password=dwho'),
+ length => 23
+ ),
+ 'Auth query without language cookie'
+);
+count(1);
+expectOK($res);
+$id = expectCookie($res);
+
+ok( $res = $client->_get("/sessions/global/$id"), 'Get session' );
+count(1);
+expectOK($res);
+ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
+ or print STDERR $@;
+count(1);
+ok( $res->{_language} eq 'en', 'Default value for _language' );
+count(1);
+
+# Test logout
+$client->logout($id);
+
+ok(
+ $res = $client->_post(
+ '/',
+ IO::String->new('user=dwho&password=dwho'),
+ cookie => "llnglanguage=fr",
+ length => 23
+ ),
+ 'Auth query with language cookie'
+);
+count(1);
+expectOK($res);
+$id = expectCookie($res);
+
+ok( $res = $client->_get("/sessions/global/$id"), 'Get session' );
+count(1);
+expectOK($res);
+ok( $res = eval { JSON::from_json( $res->[2]->[0] ) }, ' GET JSON' )
+ or print STDERR $@;
+count(1);
+ok( $res->{_language} eq 'fr', 'Correct value for _language' );
+count(1);
+
+
+# Test logout
+$client->logout($id);
+
+#print STDERR Dumper($res);
+
+clean_sessions();
+
+done_testing( count() );
diff --git a/lemonldap-ng-portal/t/59-Double-cookies-Refresh-and-Logout.t b/lemonldap-ng-portal/t/59-Double-cookies-Refresh-and-Logout.t
index e74a6beeb..486266d6a 100644
--- a/lemonldap-ng-portal/t/59-Double-cookies-Refresh-and-Logout.t
+++ b/lemonldap-ng-portal/t/59-Double-cookies-Refresh-and-Logout.t
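Review bot: The new test covers only the absent cookie and a well-formed `llnglanguage=fr`; it does not pin what `_language` becomes when the cookie holds something that is not a language code (an empty value, an over-long string, characters outside letters and hyphen). Adding a third login with such a cookie and asserting the stored value, for instance `ok( $res->{_language} eq 'en', 'Invalid language falls back to default' );`, would document the intended behaviour. The file has `use strict;` but no `use warnings;`, and it calls `JSON::from_json` without loading JSON itself, presumably relying on `t/test-lib.pm`.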
@@ -114,14 +114,12 @@ ok( ), 'POST checkuser' ); -my @attributes = map /(.+)?<\/td>/g, $res->[2]->[0]; -ok( scalar @attributes == 30, 'Found 30 attributes' ) - or print STDERR "Missing attributes -> " . scalar @attributes; -ok( $attributes[12] eq '_updateTime', '_updateTime' ) - or print STDERR Dumper( \@attributes ); -ok( $attributes[13] =~ /^\d{14}$/, 'Timestamp found' ) - or print STDERR Dumper( \@attributes ); -count(4); +my %attributes = map /(.+)?<\/td>/g, $res->[2]->[0]; +ok( scalar keys %attributes == 16, 'Found 16 attributes' ) + or print STDERR "Missing attributes -> " . scalar keys %attributes; +ok( $attributes{'_updateTime'} =~ /^\d{14}$/, 'Timestamp found' ) + or print STDERR Dumper( \%attributes ); +count(3); diag 'Waiting'; sleep 3; @@ -184,17 +182,15 @@ ok( ), 'POST checkuser' ); -my @attributes2 = map /(.+)?<\/td>/g, $res->[2]->[0]; -ok( scalar @attributes2 == 30, 'Found 30 attributes' ) - or print STDERR "Missing attributes -> " . scalar @attributes2; -ok( $attributes2[12] eq '_updateTime', '_updateTime' ) - or print STDERR Dumper( \@attributes2 ); -ok( $attributes2[13] =~ /^\d{14}$/, 'Timestamp found' ) - or print STDERR Dumper( \@attributes2 ); -count(4); +my %attributes2 = map /(.+)?<\/td>/g, $res->[2]->[0]; +ok( scalar keys %attributes2 == 16, 'Found 16 attributes' ) + or print STDERR "Missing attributes -> " . scalar keys %attributes2; +ok( $attributes2{'_updateTime'} =~ /^\d{14}$/, 'Timestamp found' ) + or print STDERR Dumper( \%attributes2 ); +count(3); -ok( $attributes2[13] - $attributes[13] >= 3, '_updateTime has been updated' ) - or print STDERR Dumper( \@attributes2 ); +ok( $attributes2{_updateTime} - $attributes{_updateTime} >= 3, '_updateTime has been updated' ) + or print STDERR Dumper( \%attributes2 ); count(1); # Log out request diff --git a/lemonldap-ng-portal/t/68-Impersonation-with-doubleCookies.t b/lemonldap-ng-portal/t/68-Impersonation-with-doubleCookies.t index 43c468c36..7056cca88 100644 
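Review bot: Building `%attributes` and `%attributes2` directly from the flat capture list lets the hash silently absorb an odd number of captures or a repeated key, so the test can no longer tell a duplicated or missing cell from a correct page. Capture into an array with the same pattern first, assert `@cells % 2 == 0`, and only then assign `my %attributes = @cells;`. The expected count of 16 depends on the demo session contents, so a short comment saying where it comes from would help whoever next adds a session key. The same hash construction appears in the two `68-Impersonation*.t` hunks.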
--- a/lemonldap-ng-portal/t/68-Impersonation-with-doubleCookies.t
+++ b/lemonldap-ng-portal/t/68-Impersonation-with-doubleCookies.t
@@ -324,25 +324,22 @@ ok( $res->[2]->[0] =~ m%rtyler/dwho%, or explain( $res->[2]->[0], 'Found rtyler/dwo' ); count(16); -my @attributes = map /(.+)?<\/td>/g, $res->[2]->[0]; -ok( scalar @attributes == 62, 'Found 61 attributes' ) - or print STDERR ( @attributes < 62 ) - ? "Missing attributes -> " . scalar @attributes - : "Too much attributes -> " . scalar @attributes; -ok( $attributes[0] eq '_auth', '_auth' ) or print STDERR Dumper( \@attributes ); -ok( $attributes[1] eq 'Demo', 'Demo' ) or print STDERR Dumper( \@attributes ); -ok( $attributes[2] eq '_httpSession', '_httpSession' ) - or print STDERR Dumper( \@attributes ); -ok( $attributes[28] eq 'uid', 'uid' ) or print STDERR Dumper( \@attributes ); -ok( $attributes[30] eq 'testPrefix__auth', 'testPrefix__auth' ) - or print STDERR Dumper( \@attributes ); -ok( $attributes[32] eq 'testPrefix__httpSession', 'testPrefix__httpSession' ) - or print STDERR Dumper( \@attributes ); -ok( $attributes[60] eq 'testPrefix_uid', 'testPrefix_uid' ) - or print STDERR Dumper( \@attributes ); -ok( $attributes[61] eq 'rtyler', 'rtyler' ) - or print STDERR Dumper( \@attributes ); -count(9); +my %attributes = map /(.+)?<\/td>/g, $res->[2]->[0]; +ok( scalar keys %attributes == 33, 'Found 33 attributes' ) + or print STDERR ( keys %attributes < 33 ) + ? "Missing attributes -> " . scalar keys %attributes + : "Too much attributes -> " . 
scalar keys %attributes; +ok( $attributes{'_auth'} eq 'Demo', '_auth' ) or print STDERR Dumper( \%attributes ); +ok( $attributes{'_httpSession'}, '_httpSession' ) + or print STDERR Dumper( \%attributes ); +ok( $attributes{'uid'}, 'uid' ) or print STDERR Dumper( \%attributes ); +ok( $attributes{'testPrefix__auth'}, 'testPrefix__auth' ) + or print STDERR Dumper( \%attributes ); +ok( $attributes{'testPrefix__httpSession'}, 'testPrefix__httpSession' ) + or print STDERR Dumper( \%attributes ); +ok( $attributes{'testPrefix_uid'} eq 'rtyler', 'testPrefix_uid' ) + or print STDERR Dumper( \%attributes ); +count(7); $client->logout($id); clean_sessions(); diff --git a/lemonldap-ng-portal/t/68-Impersonation.t b/lemonldap-ng-portal/t/68-Impersonation.t index 933359905..0625264a7 100644 --- a/lemonldap-ng-portal/t/68-Impersonation.t +++ b/lemonldap-ng-portal/t/68-Impersonation.t 
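Review bot: In this impersonation test the new checks on `uid`, `_httpSession`, `testPrefix__auth` and `testPrefix__httpSession` test only truthiness, so the test would still pass if `uid` held the real user rather than the impersonated one. The context line matches `rtyler/dwho`, so the impersonated identity is presumably `dwho`; asserting it with `ok( $attributes{'uid'} eq 'dwho', 'uid is the impersonated user' )`, next to the existing `testPrefix_uid eq 'rtyler'` check, pins both sides of the impersonation. The `68-Impersonation.t` hunk has the same truthiness-only `uid` check.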
@@ -322,19 +322,16 @@ ok( $res->[2]->[0] =~ m%rtyler/dwho%, or explain( $res->[2]->[0], 'Found rtyler/dwo' ); count(16); -my @attributes = map /(.+)?<\/td>/g, $res->[2]->[0]; -ok( scalar @attributes == 58, 'Found 58 attributes' ) - or print STDERR "Missing attributes -> " . scalar @attributes; -ok( $attributes[0] eq '_auth', '_auth' ) or print STDERR Dumper( \@attributes ); -ok( $attributes[1] eq 'Demo', 'Demo' ) or print STDERR Dumper( \@attributes ); -ok( $attributes[26] eq 'uid', 'uid' ) or print STDERR Dumper( \@attributes ); -ok( $attributes[28] eq 'testPrefix__auth', 'testPrefix__auth' ) - or print STDERR Dumper( \@attributes ); -ok( $attributes[56] eq 'testPrefix_uid', 'testPrefix_uid' ) - or print STDERR Dumper( \@attributes ); -ok( $attributes[57] eq 'rtyler', 'rtyler' ) - or print STDERR Dumper( \@attributes ); -count(7); +my %attributes = map /(.+)?<\/td>/g, $res->[2]->[0]; +ok( keys %attributes == 31, 'Found 31 attributes' ) + or print STDERR "Missing attributes -> " . scalar %attributes; +ok( $attributes{'_auth'} eq 'Demo', '_auth' ) or print STDERR Dumper( \%attributes ); +ok( $attributes{'uid'}, 'uid' ) or print STDERR Dumper( \%attributes ); +ok( $attributes{'testPrefix__auth'}, 'testPrefix__auth' ) + or print STDERR Dumper( \%attributes ); +ok( $attributes{'testPrefix_uid'} eq 'rtyler', 'testPrefix_uid' ) + or print STDERR Dumper( \%attributes ); +count(5); $client->logout($id); clean_sessions(); diff --git a/lemonldap-ng-portal/t/70-2F-TOTP-8.t b/lemonldap-ng-portal/t/70-2F-TOTP-8.t index 00ba215b3..af1a04dd4 100644 --- a/lemonldap-ng-portal/t/70-2F-TOTP-8.t +++ b/lemonldap-ng-portal/t/70-2F-TOTP-8.t @@ -22,6 +22,7 @@ SKIP: { totp2fSelfRegistration => 1, totp2fActivation => 1, totp2fDigits => 8, + totp2fTTL => -1, } } ); diff --git a/lemonldap-ng-portal/t/71-2F-U2F.t b/lemonldap-ng-portal/t/71-2F-U2F.t index d09cfffb8..4ec55fd6a 100644 --- a/lemonldap-ng-portal/t/71-2F-U2F.t +++ b/lemonldap-ng-portal/t/71-2F-U2F.t 
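Review bot: The failure message in the `68-Impersonation.t` hunk prints `scalar %attributes`, while the assertion beside it and the sibling tests count `keys %attributes`. On Perl releases before 5.26 a hash in scalar context yields a used/allocated bucket string such as `3/8` rather than the key count, so the diagnostic can mislead. Use `"Missing attributes -> " . scalar keys %attributes` to match the other files.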
@@ -18,6 +18,7 @@ SKIP: {
 u2fSelfRegistration => 1,
 u2fActivation => 1,
 portalMainLogo => 'common/logos/logo_llng_old.png',
+ totp2fTTL => 2,
 }
 }
 );