diff --git a/src/main/java/com/commafeed/frontend/auth/SecurityCheckProvider.java b/src/main/java/com/commafeed/frontend/auth/SecurityCheckProvider.java index b0708f75..7971ed7d 100644 --- a/src/main/java/com/commafeed/frontend/auth/SecurityCheckProvider.java +++ b/src/main/java/com/commafeed/frontend/auth/SecurityCheckProvider.java @@ -1,6 +1,5 @@ package com.commafeed.frontend.auth; -import javax.servlet.http.HttpServletRequest; import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.Context; import javax.ws.rs.core.HttpHeaders; @@ -39,7 +38,7 @@ public class SecurityCheckProvider implements InjectableProvider { private static final String PREFIX = "Basic"; - private final HttpServletRequest request; + private final SessionHelper sessionHelper; private final UserService userService; private final Role role; private final boolean apiKeyAllowed; @@ -68,7 +67,6 @@ public class SecurityCheckProvider implements InjectableProvider cookieSessionLogin() { - SessionHelper sessionHelper = new SessionHelper(request); Optional loggedInUser = sessionHelper.getLoggedInUser(); if (loggedInUser.isPresent()) { userService.performPostLoginActivities(loggedInUser.get()); @@ -105,11 +103,11 @@ public class SecurityCheckProvider implements InjectableProvider getInjectable(ComponentContext ic, SecurityCheck sc, Parameter c) { - return new SecurityCheckInjectable(request, userService, sc.value(), sc.apiKeyAllowed()); + return new SecurityCheckInjectable(sessionHelper, userService, sc.value(), sc.apiKeyAllowed()); } } diff --git a/src/test/java/com/commafeed/frontend/auth/SecurityCheckInjectableTest.java b/src/test/java/com/commafeed/frontend/auth/SecurityCheckInjectableTest.java index 57c86eb3..429b055d 100644 --- a/src/test/java/com/commafeed/frontend/auth/SecurityCheckInjectableTest.java +++ b/src/test/java/com/commafeed/frontend/auth/SecurityCheckInjectableTest.java 
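Review bot: In `getInjectable` of SecurityCheckProvider, a single `sessionHelper` held by the provider is now passed to every `SecurityCheckInjectable`, where the old code built `new SessionHelper(request)` inside `cookieSessionLogin()` on each call. How that field is populated is not visible in this diff, so it is worth confirming that the helper resolves the current request on every call, for example through a request-scoped binding or a per-request proxy. A helper bound to one concrete `HttpServletRequest` when the provider is constructed would return the same session's user to unrelated callers. A comment on the field such as `// must be request-scoped: resolves the session of the request being served` would make that requirement explicit. Both the provider class and `SecurityCheckInjectable` continue outside these hunks.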
@@ -4,101 +4,32 @@ import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpSession; - -import org.junit.Assert; import org.junit.Test; import com.commafeed.backend.model.User; import com.commafeed.backend.service.UserService; import com.commafeed.backend.service.internal.PostLoginActivities; import com.commafeed.frontend.auth.SecurityCheckProvider.SecurityCheckInjectable; +import com.commafeed.frontend.session.SessionHelper; import com.google.common.base.Optional; public class SecurityCheckInjectableTest { - private static String SESSION_KEY_USER = "user"; - @Test - public void cookie_login_does_not_create_a_session_if_not_present() { - HttpServletRequest request = mock(HttpServletRequest.class); - UserService service = mock(UserService.class); - - SecurityCheckInjectable injectable = new SecurityCheckInjectable(request, service, null, false); - injectable.cookieSessionLogin(); - - verify(request).getSession(false); - } - - @Test - public void cookie_login_should_not_return_user_if_there_is_no_preexisting_http_session() { - HttpServletRequest request = mock(HttpServletRequest.class); - when(request.getSession(false)).thenReturn(null); - - UserService service = new UserService(null, null, null, null, null, null); - - SecurityCheckInjectable injectable = new SecurityCheckInjectable(request, service, null, false); - Optional user = injectable.cookieSessionLogin(); - - Assert.assertFalse(user.isPresent()); - } - - @Test - public void cookie_login_should_not_return_user_if_user_not_present_in_http_session() { - HttpSession session = mock(HttpSession.class); - when(session.getAttribute(SESSION_KEY_USER)).thenReturn(null); - - HttpServletRequest request = mock(HttpServletRequest.class); - when(request.getSession(false)).thenReturn(session); - - UserService service = new UserService(null, null, null, null, null, null); - - 
SecurityCheckInjectable injectable = new SecurityCheckInjectable(request, service, null, false); - Optional user = injectable.cookieSessionLogin(); - - Assert.assertFalse(user.isPresent()); - } - - @Test - public void cookie_login_should_perform_post_login_activities_if_user_present_in_http_session() { + public void cookie_login_should_perform_post_login_activities_if_user_is_logged_in() { User userInSession = new User(); - HttpSession session = mock(HttpSession.class); - when(session.getAttribute(SESSION_KEY_USER)).thenReturn(userInSession); - - HttpServletRequest request = mock(HttpServletRequest.class); - when(request.getSession(false)).thenReturn(session); + SessionHelper sessionHelper = mock(SessionHelper.class); + when(sessionHelper.getLoggedInUser()).thenReturn(Optional.of(userInSession)); PostLoginActivities postLoginActivities = mock(PostLoginActivities.class); UserService service = new UserService(null, null, null, null, null, postLoginActivities); - SecurityCheckInjectable injectable = new SecurityCheckInjectable(request, service, null, false); + SecurityCheckInjectable injectable = new SecurityCheckInjectable(sessionHelper, service, null, false); injectable.cookieSessionLogin(); verify(postLoginActivities).executeFor(userInSession); } - @Test - public void cookie_login_should_return_user_if_user_present_in_http_session() { - User userInSession = new User(); - - HttpSession session = mock(HttpSession.class); - when(session.getAttribute(SESSION_KEY_USER)).thenReturn(userInSession); - - HttpServletRequest request = mock(HttpServletRequest.class); - when(request.getSession(false)).thenReturn(session); - - PostLoginActivities postLoginActivities = mock(PostLoginActivities.class); - - UserService service = new UserService(null, null, null, null, null, postLoginActivities); - - SecurityCheckInjectable injectable = new SecurityCheckInjectable(request, service, null, false); - Optional user = injectable.cookieSessionLogin(); - - 
Assert.assertTrue(user.isPresent()); - Assert.assertEquals(userInSession, user.get()); - } - } diff --git a/src/test/java/com/commafeed/frontend/session/SessionHelperTest.java b/src/test/java/com/commafeed/frontend/session/SessionHelperTest.java new file mode 100644 index 00000000..34cb19b8 --- /dev/null +++ b/src/test/java/com/commafeed/frontend/session/SessionHelperTest.java 
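Review bot: The logged-out path of `cookieSessionLogin()` is no longer exercised in SecurityCheckInjectableTest: the one test left after this hunk covers only a present user, and nothing asserts the returned `Optional` any more. Since this method decides whether a request is treated as authenticated, I would keep one negative test that stubs `when(sessionHelper.getLoggedInUser()).thenReturn(Optional.<User> absent());` and then checks `Assert.assertFalse(injectable.cookieSessionLogin().isPresent());` together with `verifyZeroInteractions(postLoginActivities);`. The explicit stub matters because an unstubbed mock may hand back `null` rather than an absent `Optional`. The test needs the `org.junit.Assert` import that this hunk removes.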
@@ -0,0 +1,72 @@
+package com.commafeed.frontend.session;
+
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+import com.commafeed.backend.model.User;
+import com.google.common.base.Optional;
+
+public class SessionHelperTest {
+
+ private static String SESSION_KEY_USER = "user";
+
+ @Test
+ public void getting_user_does_not_create_a_session_if_not_present() {
+ HttpServletRequest request = mock(HttpServletRequest.class);
+
+ SessionHelper sessionHelper = new SessionHelper(request);
+ sessionHelper.getLoggedInUser();
+
+ verify(request).getSession(false);
+ }
+
+ @Test
+ public void getting_user_should_not_return_user_if_there_is_no_preexisting_http_session() {
+ HttpServletRequest request = mock(HttpServletRequest.class);
+ when(request.getSession(false)).thenReturn(null);
+
+ SessionHelper sessionHelper = new SessionHelper(request);
+ Optional user = sessionHelper.getLoggedInUser();
+
+ Assert.assertFalse(user.isPresent());
+ }
+
+ @Test
+ public void getting_user_should_not_return_user_if_user_not_present_in_http_session() {
+ HttpSession session = mock(HttpSession.class);
+ when(session.getAttribute(SESSION_KEY_USER)).thenReturn(null);
+
+ HttpServletRequest request = mock(HttpServletRequest.class);
+ when(request.getSession(false)).thenReturn(session);
+
+ SessionHelper sessionHelper = new SessionHelper(request);
+ Optional user = sessionHelper.getLoggedInUser();
+
+ Assert.assertFalse(user.isPresent());
+ }
+
+ @Test
+ public void getting_user_should_return_user_if_user_present_in_http_session() {
+ User userInSession = new User();
+
+ HttpSession session = mock(HttpSession.class);
+ when(session.getAttribute(SESSION_KEY_USER)).thenReturn(userInSession);
+
+ HttpServletRequest request = mock(HttpServletRequest.class);
+ when(request.getSession(false)).thenReturn(session);
+
+ SessionHelper sessionHelper = new SessionHelper(request);
+ Optional user = sessionHelper.getLoggedInUser();
+
+ Assert.assertTrue(user.isPresent());
+ Assert.assertEquals(userInSession, user.get());
+ }
+
+}
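Review bot: In SessionHelperTest, `getting_user_does_not_create_a_session_if_not_present` only proves that `getSession(false)` was called; it would still pass if `getLoggedInUser()` also called `getSession()` or `getSession(true)` and so created a session for an anonymous client. Pinning the negative side with `verify(request, never()).getSession();` and `verify(request, never()).getSession(true);` (with a static import of `org.mockito.Mockito.never`) makes the test match its name. Separately, `SESSION_KEY_USER` should be `private static final`, and ideally taken from the constant in `SessionHelper` if one is accessible, so the test cannot drift from the key the production code reads.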