diff --git a/app.js b/app.js
index 3cfa2a1..1d0d986 100644
--- a/app.js
+++ b/app.js
@@ -154,25 +154,6 @@ app.use(flash())
 app.use(passport.initialize())
 app.use(passport.session())
 
-// serialize and deserialize
-passport.serializeUser(function (user, done) {
-  logger.info('serializeUser: ' + user.id)
-  return done(null, user.id)
-})
-passport.deserializeUser(function (id, done) {
-  models.User.findOne({
-    where: {
-      id: id
-    }
-  }).then(function (user) {
-    logger.info('deserializeUser: ' + user.id)
-    return done(null, user)
-  }).catch(function (err) {
-    logger.error(err)
-    return done(err, null)
-  })
-})
-
 // check uri is valid before going further
 app.use(require('./lib/web/middleware/checkURiValid'))
 
diff --git a/lib/web/auth/index.js b/lib/web/auth/index.js
index 3a20380..18d7057 100644
--- a/lib/web/auth/index.js
+++ b/lib/web/auth/index.js
@@ -1,12 +1,34 @@
 'use strict'
 
 const Router = require('express').Router
+const passport = require('passport')
 
 const config = require('../../config')
 const logger = require('../../logger')
+const models = require('../../models')
 
 const authRouter = module.exports = Router()
 
+// serialize and deserialize
+passport.serializeUser(function (user, done) {
+  logger.info('serializeUser: ' + user.id)
+  return done(null, user.id)
+})
+
+passport.deserializeUser(function (id, done) {
+  models.User.findOne({
+    where: {
+      id: id
+    }
+  }).then(function (user) {
+    logger.info('deserializeUser: ' + user.id)
+    return done(null, user)
+  }).catch(function (err) {
+    logger.error(err)
+    return done(err, null)
+  })
+})
+
 if (config.facebook) authRouter.use('/', require('./facebook'))
 if (config.twitter) authRouter.use('/', require('./twitter'))
 if (config.github) authRouter.use('/', require('./github'))