diff --git a/lib/server/index.js b/lib/server/index.js
index 44754b7311..89eba3e131 100644
--- a/lib/server/index.js
+++ b/lib/server/index.js
@@ -1,5 +1,5 @@
 // Generated by CoffeeScript 1.3.3
-var ONE_YEAR, app, customMiddleware, derby, express, expressApp, gzippo, http, path, publicPath, racer, root, server, serverError, store;
+var ONE_YEAR, app, derby, express, expressApp, gzippo, habitrpgMobile, habitrpgSessions, http, path, publicPath, racer, root, server, serverError, store;
 
 http = require('http');
 
@@ -37,28 +37,27 @@ store = derby.createStore({
   listen: server
 });
 
-require('./setupStore').accessControl(store);
-
 ONE_YEAR = 1000 * 60 * 60 * 24 * 365;
 
 root = path.dirname(path.dirname(__dirname));
 
 publicPath = path.join(root, 'public');
 
-customMiddleware = function(that) {
-  return function(req, res, next) {
-    var acceptableUid, model, uidParam;
-    model = req.getModel();
-    model.set('_mobileDevice', /Android|webOS|iPhone|iPad|iPod|BlackBerry/i.test(req.header('User-Agent')));
-    uidParam = req.url.split('/')[1];
-    acceptableUid = require('guid').isGuid(uidParam) || (uidParam === '3' || uidParam === '4' || uidParam === '9');
-    if (acceptableUid && model.session.userId !== uidParam) {
-      model.set('_userId', uidParam);
-      model.session.userId = uidParam;
-    }
-    next();
-    return that;
-  };
+habitrpgMobile = function(req, res, next) {
+  var model;
+  model = req.getModel();
+  model.set('_mobileDevice', /Android|webOS|iPhone|iPad|iPod|BlackBerry/i.test(req.header('User-Agent')));
+  return next();
+};
+
+habitrpgSessions = function(req, res, next) {
+  var acceptableUid, uidParam;
+  uidParam = req.url.split('/')[1];
+  acceptableUid = require('guid').isGuid(uidParam) || (uidParam === '3' || uidParam === '4' || uidParam === '9');
+  if (acceptableUid && req.session.userId !== uidParam) {
+    req.session.userId = uidParam;
+  }
+  return next();
 };
 
 expressApp.use(express.favicon()).use(gzippo.staticGzip(publicPath, {
@@ -68,7 +67,7 @@ expressApp.use(express.favicon()).use(gzippo.staticGzip(publicPath, {
   cookie: {
     maxAge: ONE_YEAR
   }
-})).use(store.modelMiddleware()).use(customMiddleware(this)).use(app.router()).use(expressApp.router).use(serverError(root));
+})).use(habitrpgSessions).use(store.modelMiddleware()).use(habitrpgMobile).use(app.router()).use(expressApp.router).use(serverError(root));
 
 expressApp.all('*', function(req) {
   throw "404: " + req.url;
diff --git a/src/server/index.coffee b/src/server/index.coffee
index fb36049879..117e42dd26 100644
--- a/src/server/index.coffee
+++ b/src/server/index.coffee
@@ -24,31 +24,26 @@ derby.use(require 'racer-db-mongo')
 store = derby.createStore
   db: {type: 'Mongo', uri: process.env.NODE_DB_URI}
   listen: server
-require('./setupStore').accessControl(store)
+# require('./setupStore').accessControl(store)
 
 ONE_YEAR = 1000 * 60 * 60 * 24 * 365
 root = path.dirname path.dirname __dirname
 publicPath = path.join root, 'public'
 
-customMiddleware = (that) -> 
-  return (req, res, next) ->
-    # Setup for mobile-device customizations
-    model = req.getModel()
-    model.set '_mobileDevice', /Android|webOS|iPhone|iPad|iPod|BlackBerry/i.test(req.header 'User-Agent')
-    
-    uidParam = req.url.split('/')[1]
-    # PURL pseudo-auth: Previously saved session (eg, http://localhost/{guid}) (temporary solution until authentication built)
-    #TODO use racer's uuid dependency to validate guid instead of Guid here, to reduce deps
-    acceptableUid = require('guid').isGuid(uidParam) or (uidParam in ['3','4','9'])
-    if acceptableUid and model.session.userId!=uidParam 
-      ##FIXME why isn't this working?
-      # model.fetch "users.#{uidParam}", (err, user) ->
-        # console.log {uidParam:uidParam, split:req.url.split('/'), err:err, user:user}
-        # unless user.get('id')
-      model.set '_userId', uidParam # set for this request
-      model.session.userId = uidParam # and for next requests
-    next()
-    return that
+habitrpgMobile = (req, res, next) ->
+  model = req.getModel()
+  model.set '_mobileDevice', /Android|webOS|iPhone|iPad|iPod|BlackBerry/i.test(req.header 'User-Agent')
+  next()
+  
+# PURL pseudo-auth: Previously saved session (eg, http://localhost/{guid}) (temporary solution until authentication built)
+habitrpgSessions = (req, res, next) ->
+  uidParam = req.url.split('/')[1]  
+  acceptableUid = require('guid').isGuid(uidParam) or (uidParam in ['3','4','9'])
+  if acceptableUid and req.session.userId!=uidParam 
+    # model.fetch "users.#{uidParam}", (err, user) -> #test whether user exists
+      # if user.get('id')
+    req.session.userId = uidParam # and for next requests
+  next()
     
 expressApp
   .use(express.favicon())
@@ -68,12 +63,13 @@ expressApp
     secret: process.env.SESSION_SECRET || 'YOUR SECRET HERE'
     cookie: {maxAge: ONE_YEAR}
   )
+  .use(habitrpgSessions)  
 
   # Adds req.getModel method
   .use(store.modelMiddleware())
   # Middelware can be inserted after the modelMiddleware and before
   # the app router to pass server accessible data to a model
-  .use(customMiddleware(this))
+  .use(habitrpgMobile)
   # Creates an express middleware from the app's routes
   .use(app.router())
   .use(expressApp.router)