diff --git a/src/main/java/com/commafeed/backend/service/UserService.java b/src/main/java/com/commafeed/backend/service/UserService.java
index dbef971c..3a660947 100644
--- a/src/main/java/com/commafeed/backend/service/UserService.java
+++ b/src/main/java/com/commafeed/backend/service/UserService.java
@@ -43,25 +43,7 @@ public class UserService {
 		if (user != null && !user.isDisabled()) {
 			boolean authenticated = encryptionService.authenticate(password, user.getPassword(), user.getSalt());
 			if (authenticated) {
-				Date lastLogin = user.getLastLogin();
-				Date now = new Date();
-
-				boolean saveUser = false;
-				// only update lastLogin field every hour in order to not
-				// invalidate the cache everytime someone logs in
-				if (lastLogin == null || lastLogin.before(DateUtils.addHours(now, -1))) {
-					user.setLastLogin(now);
-					saveUser = true;
-				}
-				if (config.getApplicationSettings().isHeavyLoad()
-						&& (user.getLastFullRefresh() == null || user.getLastFullRefresh().before(DateUtils.addMinutes(now, -30)))) {
-					user.setLastFullRefresh(now);
-					saveUser = true;
-					feedSubscriptionService.refreshAll(user);
-				}
-				if (saveUser) {
-					userDAO.saveOrUpdate(user);
-				}
+				afterLogin(user);
 				return Optional.fromNullable(user);
 			}
 		}
@@ -75,11 +57,34 @@ public class UserService {
 
 		User user = userDAO.findByApiKey(apiKey);
 		if (user != null && !user.isDisabled()) {
+			afterLogin(user);
 			return Optional.fromNullable(user);
 		}
 		return Optional.absent();
 	}
 
+	public void afterLogin(User user) {
+		Date lastLogin = user.getLastLogin();
+		Date now = new Date();
+
+		boolean saveUser = false;
+		// only update lastLogin field every hour in order to not
+		// invalidate the cache everytime someone logs in
+		if (lastLogin == null || lastLogin.before(DateUtils.addHours(now, -1))) {
+			user.setLastLogin(now);
+			saveUser = true;
+		}
+		if (config.getApplicationSettings().isHeavyLoad()
+				&& (user.getLastFullRefresh() == null || user.getLastFullRefresh().before(DateUtils.addMinutes(now, -30)))) {
+			user.setLastFullRefresh(now);
+			saveUser = true;
+			feedSubscriptionService.refreshAll(user);
+		}
+		if (saveUser) {
+			userDAO.merge(user);
+		}
+	}
+
 	public User register(String name, String password, String email, Collection<Role> roles) {
 		return register(name, password, email, roles, false);
 	}
diff --git a/src/main/java/com/commafeed/frontend/auth/SecurityCheckProvider.java b/src/main/java/com/commafeed/frontend/auth/SecurityCheckProvider.java
index 8f7ea7b8..fa138ed6 100644
--- a/src/main/java/com/commafeed/frontend/auth/SecurityCheckProvider.java
+++ b/src/main/java/com/commafeed/frontend/auth/SecurityCheckProvider.java
@@ -67,7 +67,10 @@ public class SecurityCheckProvider implements InjectableProvider<SecurityCheck,
 			HttpSession session = request.getSession(false);
 			if (session != null) {
 				User user = (User) session.getAttribute(CommaFeedApplication.SESSION_USER);
-				return Optional.fromNullable(user);
+				if (user != null) {
+					userService.afterLogin(user);
+					return Optional.of(user);
+				}
 			}
 			return Optional.absent();
 		}