diff --git a/kallithea/lib/auth.py b/kallithea/lib/auth.py
--- a/kallithea/lib/auth.py
+++ b/kallithea/lib/auth.py
@@ -144,21 +144,6 @@ def check_password(password, hashed):
     return KallitheaCrypto.hash_check(password, hashed)
 
 
-class CookieStoreWrapper(object):
-
-    def __init__(self, cookie_store):
-        self.cookie_store = cookie_store
-
-    def __repr__(self):
-        return 'CookieStore<%s>' % (self.cookie_store)
-
-    def get(self, key, other=None):
-        if isinstance(self.cookie_store, dict):
-            return self.cookie_store.get(key, other)
-        elif isinstance(self.cookie_store, AuthUser):
-            return self.cookie_store.__dict__.get(key, other)
-
-
 
 def _cached_perms_data(user_id, user_is_admin, user_inherit_default_permissions,
                        explicit, algo):
@@ -642,23 +627,28 @@ class AuthUser(object):
         if self.user_id != self.anonymous_user.user_id:
             self.is_authenticated = authenticated
 
-    def get_cookie_store(self):
-        return {'username': self.username,
-                'user_id': self.user_id,
-                'is_authenticated': self.is_authenticated}
+    def to_cookie(self):
+        """ Serializes this login session to a cookie `dict`. """
+        return {
+            'user_id': self.user_id,
+            'username': self.username,
+            'is_authenticated': self.is_authenticated,
+        }
 
-    @classmethod
-    def from_cookie_store(cls, cookie_store):
+    @staticmethod
+    def from_cookie(cookie):
         """
-        Creates AuthUser from a cookie store
-
-        :param cls:
-        :param cookie_store:
+        Deserializes an `AuthUser` from a cookie `dict`.
         """
-        user_id = cookie_store.get('user_id')
-        username = cookie_store.get('username')
-        api_key = cookie_store.get('api_key')
-        return AuthUser(user_id, api_key, username)
+
+        au = AuthUser(
+            user_id=cookie.get('user_id'),
+            username=cookie.get('username'),
+        )
+        if not au.is_authenticated and au.user_id is not None:
+            # user is not authenticated and not empty
+            au.set_authenticated(cookie.get('is_authenticated'))
+        return au
 
     @classmethod
     def get_allowed_ips(cls, user_id, cache=False, inherit_from_default=False):
diff --git a/kallithea/lib/base.py b/kallithea/lib/base.py
--- a/kallithea/lib/base.py
+++ b/kallithea/lib/base.py
@@ -49,7 +49,7 @@ from kallithea import __version__, BACKE
 from kallithea.lib.utils2 import str2bool, safe_unicode, AttributeDict,\
     safe_str, safe_int
 from kallithea.lib import auth_modules
-from kallithea.lib.auth import AuthUser, HasPermissionAnyMiddleware, CookieStoreWrapper
+from kallithea.lib.auth import AuthUser, HasPermissionAnyMiddleware
 from kallithea.lib.utils import get_repo_slug
 from kallithea.lib.exceptions import UserCreationError
 from kallithea.lib.vcs.exceptions import RepositoryError, EmptyRepositoryError, ChangesetDoesNotExistError
@@ -120,8 +120,7 @@ def log_in_user(user, remember):
 
     # Start new session to prevent session fixation attacks.
     session.invalidate()
-    cs = auth_user.get_cookie_store()
-    session['authuser'] = cs
+    session['authuser'] = cookie = auth_user.to_cookie()
 
     # If they want to be remembered, update the cookie
     if remember:
@@ -131,7 +130,7 @@ def log_in_user(user, remember):
     session.save()
 
     log.info('user %s is now authenticated and stored in '
-             'session, session attrs %s', user.username, cs)
+             'session, session attrs %s', user.username, cookie)
 
     # dumps session attrs back to cookie
     session._update_cookie_out()
@@ -388,11 +387,12 @@ class BaseController(WSGIController):
             return AuthUser(api_key=api_key)
 
         # Authenticate by session cookie
-        cookie_store = CookieStoreWrapper(session_authuser)
-        user_id = cookie_store.get('user_id')
-        if user_id is not None:
+        cookie = session.get('authuser')
+        # In ancient login sessions, 'authuser' may not be a dict.
+        # In that case, the user will have to log in again.
+        if isinstance(cookie, dict):
             try:
-                auth_user = AuthUser(user_id=user_id)
+                return AuthUser.from_cookie(cookie)
             except UserCreationError as e:
                 # container auth or other auth functions that create users on
                 # the fly can throw UserCreationError to signal issues with
@@ -400,14 +400,6 @@ class BaseController(WSGIController):
                 # exception object.
                 from kallithea.lib import helpers as h
                 h.flash(e, 'error', logf=log.error)
-            else:
-                authenticated = cookie_store.get('is_authenticated')
-
-                if not auth_user.is_authenticated and auth_user.user_id is not None:
-                    # user is not authenticated and not empty
-                    auth_user.set_authenticated(authenticated)
-
-                return auth_user
 
         # Authenticate by auth_container plugin (if enabled)
         if any(