diff --git a/apps/users.lua b/apps/users.lua
index 9fd379d..5b35a8c 100644
--- a/apps/users.lua
+++ b/apps/users.lua
@@ -41,20 +41,6 @@ local function create_session(user_id)
 })
 end
-local function validate_session(session_key)
- if session_key == nil then
- return nil
- end
-
- local session = db.select('* FROM "sessions" WHERE "key" = ? AND "expires_at" > "?" LIMIT 1', session_key, os.time())
- print(#session)
- if #session > 0 then
- return Users:find({id = session[1].user_id})
- end
-
- return nil
-end
-
 local function validate_password(password)
 if #password < 10 or password:match("%s") then
 return false
@@ -94,7 +80,8 @@ app:get("user", "/:username", function(self)
 self.session.flash = {}
 end
- local me = validate_session(self.session.session_key) or TransientUser
+ -- local me = validate_session(self.session.session_key) or TransientUser
+ local me = util.get_logged_in_user(self) or TransientUser
 self.user = user
 self.me = me
@@ -109,7 +96,7 @@ app:get("user", "/:username", function(self)
 end)
 app:post("user_clear_avatar", "/:username/clear_avatar", function(self)
- local me = validate_session(self.session.session_key)
+ local me = util.get_logged_in_user(self)
 if me == nil then
 self.session.flash = {error = "You must be logged in to perform this action."}
 return {redirect_to = self:url_for("user_login")}
@@ -126,7 +113,7 @@ app:post("user_clear_avatar", "/:username/clear_avatar", function(self)
 end)
 app:post("user_set_avatar", "/:username/set_avatar", function(self)
- local me = validate_session(self.session.session_key)
+ local me = util.get_logged_in_user(self)
 if me == nil then
 self.session.flash = {error = "You must be logged in to perform this action."}
 return {redirect_to = self:url_for("user_login")}
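Review bot: The commented-out line `-- local me = validate_session(self.session.session_key) or TransientUser` kept in the `user` route hunk (@@ -94,7 +80,8) refers to a function this same commit deletes, so it cannot be re-enabled as written. Drop it and keep only `local me = util.get_logged_in_user(self) or TransientUser`; version control already preserves the old call. Separately, no visible hunk adds `local util = require("util")` to apps/users.lua. It is presumably required near the top of the file, outside the diff, but that is worth confirming because every converted handler now depends on it.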
@@ -164,7 +151,7 @@ app:post("user_set_avatar", "/:username/set_avatar", function(self)
 end)
 app:get("user_settings", "/:username/settings", function(self)
- local me = validate_session(self.session.session_key)
+ local me = util.get_logged_in_user(self)
 if me == nil then
 self.session.flash = {error = "You must be logged in to perform this action."}
 return {redirect_to = self:url_for("user_login")}
@@ -187,7 +174,7 @@ app:get("user_settings", "/:username/settings", function(self)
 end)
 app:post("user_settings", "/:username/settings", function(self)
- local me = validate_session(self.session.session_key)
+ local me = util.get_logged_in_user(self)
 if me == nil then
 self.session.flash = {error = "You must be logged in to perform this action."}
 return {redirect_to = self:url_for("user_login")}
@@ -211,7 +198,7 @@ end)
 app:get("user_login", "/login", function(self)
 if self.session.session_key then
- local user = validate_session(self.session.session_key)
+ local user = util.get_logged_in_user(self)
 if user ~= nil then
 return {redirect_to = self:url_for("user", {username = user.username})}
 end
@@ -226,7 +213,7 @@ end)
 app:post("user_login", "/login", function(self)
 if self.session.session_key then
- local user = validate_session(self.session.session_key)
+ local user = util.get_logged_in_user(self)
 if user ~= nil then
 return {redirect_to = self:url_for("user", {username = user.username})}
 end
@@ -250,7 +237,7 @@ end)
 app:get("user_signup", "/signup", function(self)
 if self.session.session_key then
- local user = validate_session(self.session.session_key)
+ local user = util.get_logged_in_user(self)
 if user ~= nil then
 return {redirect_to = self:url_for("user", {username = user.username})}
 end
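Review bot: In the `user_login` GET hunk (@@ -211,7 +198,7) the surrounding `if self.session.session_key then` guard repeats the nil check that `util.get_logged_in_user` already performs on `req.session.session_key`, so the handler tests the key twice. The wrapper can go, leaving `local user = util.get_logged_in_user(self)` followed by the existing `if user ~= nil then` redirect. The same pattern appears in the hunks at @@ -226, @@ -250 and @@ -264. The closing `end` of each guard lies outside the hunk and would need removing as well.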
@@ -264,7 +251,7 @@ end)
 app:post("user_signup", "/signup", function(self)
 if self.session.session_key then
- local user = validate_session(self.session.session_key)
+ local user = util.get_logged_in_user(self)
 if user ~= nil then
 return {redirect_to = self:url_for("user", {username = user.username})}
 end
@@ -307,7 +294,7 @@ app:post("user_signup", "/signup", function(self)
 end)
 app:post("user_logout", "/logout", function (self)
- local user = validate_session(self.session.session_key)
+ local user = util.get_logged_in_user(self)
 if not user then
 return {redirect_to = self:url_for("user_login")}
 end
@@ -318,7 +305,7 @@ app:post("user_logout", "/logout", function (self)
 end)
 app:post("confirm_user", "/confirm_user/:user_id", function (self)
- local user = validate_session(self.session.session_key)
+ local user = util.get_logged_in_user(self)
 if not user then
 return {status = 403}
 end
diff --git a/util.lua b/util.lua
index 8c35435..261722d 100644
--- a/util.lua
+++ b/util.lua
@@ -1,7 +1,9 @@
 local util = {}
 local magick = require("magick")
+local db = require("lapis.db")
 local Avatars = require("models").Avatars
+local Users = require("models").Users
 function util.get_user_avatar_url(req, user)
 if not user.avatar_id then
@@ -42,4 +44,17 @@ function util.validate_and_create_image(input_image, filename)
 return true
 end
+function util.get_logged_in_user(req)
+ if req.session.session_key == nil then
+ return nil
+ end
+
+ local session = db.select('* FROM "sessions" WHERE "key" = ? AND "expires_at" > "?" LIMIT 1', req.session.session_key, os.time())
+ if #session > 0 then
+ return Users:find({id = session[1].user_id})
+ end
+
+ return nil
+end
+
 return util
\ No newline at end of file
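Review bot: The second placeholder in the `db.select` call of `util.get_logged_in_user` (util.lua, @@ -42,4 +44,17) is wrapped in double quotes, `"expires_at" > "?"`, so the interpolated `os.time()` value lands inside an SQL quoted identifier instead of being compared as a number. As far as I know Lapis substitutes `?` textually, so PostgreSQL would read the result as a column name, and SQLite would treat it as a string only through its legacy double-quoted-string fallback. Whether expired sessions are actually rejected therefore depends on the backend and the column's type affinity. The query is carried over unchanged from the removed `validate_session`, but this helper now gates every authenticated route, so it is worth fixing here: `'* FROM "sessions" WHERE "key" = ? AND "expires_at" > ? LIMIT 1'`. A test that a session row with a past `expires_at` yields nil would pin the behaviour.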