diff --git a/api/app.js b/api/app.js
index e7d2f50..3fef967 100644
--- a/api/app.js
+++ b/api/app.js
@@ -11,12 +11,12 @@ const debug = debugname('hostr-api');
 const router = new Router();
 
 let statsdOpts = {prefix: 'hostr-api', host: process.env.STATSD_HOST || 'localhost'};
+router.use(stats(statsdOpts));
 let statsd = new StatsD(statsdOpts);
 router.use(function*(next) {
   this.statsd = statsd;
   yield next;
 });
-router.use(stats(statsdOpts));
 
 router.use(cors({
   origin: '*',
diff --git a/app.js b/app.js
index 0926002..cf8c90e 100644
--- a/app.js
+++ b/app.js
@@ -9,9 +9,10 @@ import favicon from 'koa-favicon';
 import compress from 'koa-compress';
 import bodyparser from 'koa-bodyparser';
 import websockify from 'koa-websocket';
+import helmet from 'koa-helmet';
 import raven from 'raven';
 import mongo from './lib/mongo';
-import redis from './lib/redis';
+import * as redis from './lib/redis';
 import co from 'co';
 import api from './api/app';
 import web from './web/app';
@@ -29,6 +30,8 @@ if (process.env.SENTRY_DSN) {
 const app = websockify(koa());
 app.keys = [process.env.KEYS || 'INSECURE'];
 
+app.use(helmet());
+
 app.use(function* (next){
   this.set('Server', 'Nintendo 64');
   if(this.req.headers['x-forwarded-proto'] === 'http'){
@@ -38,7 +41,7 @@ app.use(function* (next){
 });
 
 app.use(mongo());
-app.use(redis());
+app.use(redis.middleware());
 app.use(logger());
 app.use(compress());
 app.use(bodyparser());
diff --git a/lib/redis.js b/lib/redis.js
index 0ad3982..902e791 100644
--- a/lib/redis.js
+++ b/lib/redis.js
@@ -1,29 +1,59 @@
 import redis from 'redis-url';
 import coRedis from 'co-redis';
+import koaRedis from 'koa-redis';
+import session from 'koa-generic-session';
 import debugname from 'debug';
 const debug = debugname('hostr:redis');
 
 const redisUrl = process.env.REDIS_URL || process.env.REDISTOGO_URL || 'redis://localhost:6379';
 
-let connection = new Promise((resolve, reject) => {
+const connection = new Promise((resolve, reject) => {
   debug('Connecting to Redis');
-  const client = redis.connect(redisUrl);
-  const wrapped = coRedis(client);
-  wrapped.client = client;
-  wrapped.on('error', (err) => {
-    debug('Client error: ' + err);
-  });
-  wrapped.on('ready', () => {
-    debug('Successfully connected to Redis');
-    resolve(wrapped);
-  });
+  resolve(redis.connect(redisUrl));
 }).catch((err) => {
-  debug('Promise error: ' + err);
+  debug('Connection error: ' + err);
 });
 
-export default function () {
-  return function* redisMiddleware(next) {
-    this.redis = yield connection;
+const redisSession = new Promise((resolve, reject) => {
+  return connection.then((client) => {
+    client = koaRedis({client: client});
+    resolve(session({
+      key: 'hid',
+      store: client
+    }));
+  }).catch((err) => {
+    debug('koa-redis error: ' + err);
+    reject(err);
+  });
+});
+
+const wrapped = new Promise((resolve, reject) => {
+  return connection.then((client) => {
+    client = coRedis(client);
+    client.on('error', (err) => {
+      debug('Client error: ' + err);
+      reject(err);
+    });
+    client.on('ready', () => {
+      debug('Successfully connected to Redis');
+      resolve(client);
+    });
+  }).catch((err) => {
+    debug('co-redis error: ' + err);
+    reject(err);
+  });
+});
+
+export function sessionStore() {
+  return function* (next) {
+    const sess = yield redisSession;
+    yield sess.bind(this)(next);
+  }
+}
+
+export function middleware() {
+  return function* (next) {
+    this.redis = yield wrapped;
     yield next;
   }
 }
diff --git a/package.json b/package.json
index cf79b2e..f3f864f 100644
--- a/package.json
+++ b/package.json
@@ -23,7 +23,7 @@
     "watch-sass": "node-sass -w -r -o web/public/styles/ web/public/styles/"
   },
   "dependencies": {
-    "aws-sdk": "~2.1.45",
+    "aws-sdk": "~2.1.46",
     "babel": "~5.8.21",
     "basic-auth": "~1.0.3",
     "co": "~4.6.0",
@@ -43,9 +43,10 @@
     "koa-favicon": "~1.2.0",
     "koa-file-server": "~2.3.1",
     "koa-generic-session": "~1.9.0",
+    "koa-helmet": "^0.2.0",
     "koa-logger": "~1.3.0",
     "koa-mount": "~1.3.0",
-    "koa-redis": "~1.0.0",
+    "koa-redis": "~1.0.1",
     "koa-route": "~2.4.2",
     "koa-router": "^5.1.2",
     "koa-static": "^1.4.9",
@@ -53,7 +54,7 @@
     "koa-views": "~3.1.0",
     "koa-websocket": "~1.0.0",
     "mandrill-api": "~1.0.45",
-    "mime-types": "~2.1.4",
+    "mime-types": "~2.1.5",
     "mkdirp": "~0.5.1",
     "moment": "~2.10.6",
     "mongodb-promisified": "~1.0.3",
@@ -71,7 +72,7 @@
     "virustotal.js": "~0.3.1"
   },
   "devDependencies": {
-    "eslint": "~1.2.0",
+    "eslint": "~1.2.1",
     "istanbul": "~0.3.18",
     "mocha": "~2.2.5",
     "nodemon": "~1.4.1",
diff --git a/web/app.js b/web/app.js
index 99daf6d..84429ad 100644
--- a/web/app.js
+++ b/web/app.js
@@ -3,9 +3,7 @@ import Router from 'koa-router';
 import csrf from 'koa-csrf';
 import views from 'koa-views';
 import stats from 'koa-statsd';
-import redis from '../lib/redis';
-import koaRedis from 'koa-redis'
-import session from 'koa-generic-session';
+import * as redis from '../lib/redis';
 import co from 'co';
 import StatsD from 'statsy';
 // waiting for PR to be merged, can remove swig dependency when done
@@ -22,18 +20,16 @@ const router = new Router();
 router.use(errors({template: path.join(__dirname, 'public', '404.html')}));
 
 let statsdOpts = {prefix: 'hostr-web', host: process.env.STATSD_HOST || 'localhost'};
+router.use(stats(statsdOpts));
 let statsd = new StatsD(statsdOpts);
 router.use(function* (next) {
   this.statsd = statsd;
   yield next;
 });
-router.use(stats(statsdOpts));
 
-router.use(session({
-  store: koaRedis({client: redis().client})
-}));
+router.use(redis.sessionStore());
 
-router.use(function* (next){
+router.use(function* (next) {
   this.state = {
     session: this.session,
     apiURL: process.env.API_URL,
diff --git a/web/routes/file.js b/web/routes/file.js
index 4739791..a92420e 100644
--- a/web/routes/file.js
+++ b/web/routes/file.js
@@ -45,7 +45,7 @@ export function* get() {
     localPath = path.join(storePath, file._id[0], this.params.size, file._id + '_' + file.file_name);
     remotePath = path.join(this.params.size, file._id + '_' + file.file_name);
   }
-  console.log(localPath);
+
   if (file.malware) {
     this.statsd.incr('file.malware.download', 1);
   }
@@ -82,7 +82,7 @@ export function* landing() {
     this.params.name = file.file_name;
     return yield get.call(this);
   }
-  console.log('incr')
+
   this.statsd.incr('file.landing', 1);
   const formattedFile = formatFile(file);
   yield this.render('file', {file: formattedFile});