diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 72451e8cd..2b1c92494 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -71,7 +71,7 @@ class ApplicationController < ActionController::Base
     # check http basic auth
     authenticate_with_http_basic do |user, password|
       puts 'http basic auth check'
-      userdata = User.where( :login => user ).first
+      userdata = User.lookup( :login => user )
       message = ''
       if !userdata
         message = 'authentication failed, user'
diff --git a/lib/session.rb b/lib/session.rb
index a515ffd40..4956fb41f 100644
--- a/lib/session.rb
+++ b/lib/session.rb
@@ -434,7 +434,7 @@ class ClientState
       return if !session_data
       return if !session_data[:user]
       return if !session_data[:user][:id]
-      user = User.where( :id => session_data[:user][:id] ).first
+      user = User.lookup( :id => session_data[:user][:id] )
       return if !user
 
       # set cache key