diff --git a/lib/middleware/auth.js b/lib/middleware/auth.js
index f7c02047..ac5a5910 100644
--- a/lib/middleware/auth.js
+++ b/lib/middleware/auth.js
@@ -24,8 +24,19 @@ module.exports = function(options) {
 }
 }
 else if (req.session && req.session.jwt) {
- // Continue existing session
- next()
+ dbapi.loadUser(req.session.jwt.email)
+ .then(function(user) {
+ if (user) {
+ // Continue existing session
+ req.user = user
+ next()
+ }
+ else {
+ // We no longer have the user in the database
+ res.redirect(options.authUrl)
+ }
+ })
+ .catch(next)
 }
 else {
 // No session, forward to auth client
diff --git a/lib/roles/app.js b/lib/roles/app.js
index 10899965..391c16de 100644
--- a/lib/roles/app.js
+++ b/lib/roles/app.js
@@ -92,7 +92,7 @@ module.exports = function(options) {
 app.get('/api/v1/user', function(req, res) {
 res.json({
 success: true
- , user: req.session.jwt
+ , user: req.user
 })
 })
@@ -147,8 +147,13 @@ module.exports = function(options) {
 handshake.session = handshake.signedCookies[options.ssid]
 return dbapi.loadUser(handshake.session.jwt.email)
 .then(function(user) {
- handshake.user = user
- accept(null, true)
+ if (user) {
+ handshake.user = user
+ accept(null, true)
+ }
+ else {
+ accept(null, false)
+ }
 })
 }
 else {
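Review bot: The stale session is left in place when the user is gone: the new `else` branch in the `-24,8 +24,19` hunk of lib/middleware/auth.js redirects to `options.authUrl` while `req.session.jwt` is still set, so the same cookie keeps being presented and re-checked on every later request. Clearing it first, `delete req.session.jwt` before `res.redirect(options.authUrl)`, makes the revocation explicit. The lookup key `req.session.jwt.email` is also used without checking that it is present, so it is worth confirming how `dbapi.loadUser` behaves for an undefined email. The enclosing middleware function starts and ends outside the hunk.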
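Review bot: `user: req.user` in the `/api/v1/user` handler now serializes the whole record returned by `dbapi.loadUser` instead of the JWT claims, so every field stored on the user record is sent to the browser. The schema is not visible in this diff; if the record holds anything beyond profile data (keys, tokens, internal flags), the response should copy only the fields the client needs into a new object rather than pass the record through. A short comment above `res.json` stating which fields are intentionally public would keep later schema additions from being exposed by default.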
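Review bot: A rejected `dbapi.loadUser` has no handler inside the `-147,8 +147,13` hunk of lib/roles/app.js, so unless the caller of the returned promise (outside the hunk) catches it, `accept` is never called and the handshake is left pending on a database error. Ending the chain with `.catch(function(err) { accept(err, false) })` would fail closed. The user is also checked only at handshake time, so a connection accepted before the account was removed presumably stays open; if that is acceptable, a comment here should say so.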