diff --git a/oracle_funcs.sh b/oracle_funcs.sh
index e95ef78..9fa42e9 100755
--- a/oracle_funcs.sh
+++ b/oracle_funcs.sh
@@ -121,12 +121,28 @@ check_get_token () {
 			
 			# If there is a cached credential file, use it
 			if [ -f ~/.rbksession.$id_string ]; then
-				read expiration token < <(echo $(cat ~/.rbksession.$id_string))
-				# If token expires within 30 min, get a new one
-				if [ $($DATE +%s -d $expiration) -lt $(( $($DATE +%s) + 1800 )) ]; then
+				cachefile="$HOME/.rbksession.$id_string"
+				# shellcheck disable=SC2046,SC2002
+				read -r expiration token < <(cat "$cachefile")
+				# If either field is missing treat the cache as invalid
+				if [ -z "$expiration" ] || [ -z "$token" ]; then
+					rm -f "$cachefile"
 					get_token
 				else
-					AUTH_TOKEN=$token
+					# Convert expiration to epoch (use $DATE which may be gdate on macOS)
+					if ! exp_ts=$($DATE -d "$expiration" +%s 2>/dev/null); then
+						# Could not parse expiration, throw away cache and get a new token
+						rm -f "$cachefile"
+						get_token
+					else
+						now_ts=$($DATE +%s)
+						# If token expires within 30 min, get a new one
+						if [ "$exp_ts" -lt $(( now_ts + 1800 )) ]; then
+							get_token
+						else
+							AUTH_TOKEN=$token
+						fi
+					fi
 				fi
 			else
 				get_token