diff --git a/common/models/user.js b/common/models/user.js
index 24eebbf111..2db2b228f1 100644
--- a/common/models/user.js
+++ b/common/models/user.js
@@ -683,8 +683,7 @@ module.exports = function(User) {
 will introduce a change in this user.
 `
 )
- .do(console.log)
- .map(() => dedent`Your settings have not been updated.`);
+ .map(() => dedent`Your settings have not been updated.`);
 }
 return Observable.from(valuesToUpdate)
 .flatMap(flag => Observable.of({ flag, newValue: values[flag] }))
diff --git a/server/middleware.json b/server/middleware.json
index 23ef0d32e0..64e5c34eb5 100644
--- a/server/middleware.json
+++ b/server/middleware.json
@@ -29,7 +29,9 @@
 "./middlewares/sessions.js": {}
 },
 "auth:before": {
- "./middlewares/add-return-to": {}
+ "./middlewares/add-return-to": {},
+ "./middlewares/cookie-parser": {},
+ "./middlewares/jwt-authorization": {}
 },
 "parse": {
 "body-parser#json": {},
@@ -38,8 +40,8 @@
 "extended": true
 }
 },
- "method-override": {},
- "./middlewares/cookie-parser": {}
+ "method-override": {}
+
 },
 "parse:after": {
 "./middlewares/validator": {}
@@ -55,8 +57,7 @@
 "./middlewares/csp": {},
 "./middlewares/jade-helpers": {},
 "./middlewares/flash-cheaters": {},
- "./middlewares/passport-login": {},
- "./middlewares/jwt-authorization": {}
+ "./middlewares/passport-login": {}
 },
 "files": {},
 "final:after": {
diff --git a/server/middlewares/jwt-authorization.js b/server/middlewares/jwt-authorization.js
index c373ef8912..025bd5c541 100644
--- a/server/middlewares/jwt-authorization.js
+++ b/server/middlewares/jwt-authorization.js
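Review bot: The second middleware.json hunk leaves an empty added line after `"method-override": {}` inside the `"parse"` object, which looks like a leftover from deleting the cookie-parser entry rather than an intentional blank; drop the `+` line so the object stays compact like the rest of the file. The first hunk registers `./middlewares/cookie-parser` and `./middlewares/jwt-authorization` together in `auth:before`, and the JWT middleware reads cookies from `req`, so it now depends on cookie-parser being listed first within that phase; since JSON cannot carry a comment, a one-line note in jwt-authorization.js stating that it must be registered after the cookie parser would protect that ordering from a later reshuffle. The third hunk moves jwt-authorization out of the phase that holds passport-login, which changes which middleware sees `req.user` first for `/external` routes; that is presumably the point of the commit, but it is worth stating in the commit description.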
@@ -1,11 +1,14 @@
+import loopback from 'loopback';
 import jwt from 'jsonwebtoken';
 import { isBefore } from 'date-fns';
+
 import { wrapHandledError } from '../utils/create-handled-error';
 
 export default () => function authorizeByJWT(req, res, next) {
 const path = req.path.split('/')[1];
 if (/external/.test(path)) {
- const cookie = req.signedCookies && req.signedCookies['jwt_access_token'];
+ const cookie = req.signedCookies && req.signedCookies['jwt_access_token'] ||
+ req.cookie && req.cookie['jwt_access_token'];
 if (!cookie) {
 throw wrapHandledError(
 new Error('Access token is required for this request'),
@@ -31,7 +34,7 @@ export default () => function authorizeByJWT(req, res, next) {
 }
 );
 }
- const { accessToken: {created, ttl }} = token;
+ const { accessToken: {created, ttl, userId }} = token;
 const valid = isBefore(Date.now(), Date.parse(created) + ttl);
 if (!valid) {
 throw wrapHandledError(
@@ -44,7 +47,20 @@ export default () => function authorizeByJWT(req, res, next) {
 }
 );
 }
- return next();
+ if (!req.user) {
+ const User = loopback.getModelByType('User');
+ return User.findById(userId)
+ .then(user => {
+ if (user) {
+ req.user = user;
+ }
+ return;
+ })
+ .then(next)
+ .catch(next);
+ } else {
+ return next();
+ }
 }
 return next();
};
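Review bot: The added fallback reads `req.cookie['jwt_access_token']`, but the Express cookie-parser populates `req.cookies` (unsigned) and `req.signedCookies`, so unless the project's `./middlewares/cookie-parser` wrapper sets a `req.cookie` property this branch always evaluates to undefined and only the signed-cookie path actually works. If the intent is to accept the unsigned cookie, the cookie signature then no longer protects the token and whatever verification runs between this hunk and the next (outside this hunk) becomes the only integrity check on it, which should be deliberate and stated in a comment. The `a && b || c && d` mix also hides the precedence; `const cookie = (req.signedCookies && req.signedCookies['jwt_access_token']) || (req.cookies && req.cookies['jwt_access_token']);` makes it explicit. The authorizeByJWT body continues past the end of this hunk.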
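Review bot: When `User.findById(userId)` resolves to no user (account removed or disabled after the token was issued), the new `.then` callback leaves `req.user` unset and still calls `next()`, so the request continues past the authorization middleware with an accepted token but no user; treat that like the other failure branches, e.g. `if (!user) { throw wrapHandledError(new Error('No user found for this access token'), /* same options as the checks above */); }` inside the callback so `.catch(next)` forwards it. If `userId` is absent from the token payload, `findById(undefined)` reaches the same path, so that guard covers both cases. `.then(next)` hands the callback's resolved value to `next`; it is `undefined` here because of the bare `return;`, but `.then(() => next())` states the intent and the `else` after `return User.findById(...)` is redundant. The branch taken when `req.user` is already set never compares the token's `userId` with that user, which may be intended but deserves a comment. The enclosing `if (/external/...)` block and the authorizeByJWT function start outside this hunk.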