diff --git a/server/routes.js b/server/routes.js
index bee64f05..691399cb 100644
--- a/server/routes.js
+++ b/server/routes.js
@@ -66,9 +66,9 @@ router.get('/changelog', async ctx => {
 // home page
 router.get('/', async ctx => {
   const lastSignedIn = ctx.cookies.get('lastSignedIn');
+  const accessToken = ctx.cookies.get('accessToken');
   const domain = parseDomain(ctx.request.hostname);
   const subdomain = domain ? domain.subdomain : undefined;
-  const accessToken = ctx.cookies.get('accessToken');
 
   // Because we render both the signed in and signed out views depending
   // on a cookie it's important that the browser does not render from cache.
diff --git a/server/routes.test.js b/server/routes.test.js
index 8209bc89..827865ff 100644
--- a/server/routes.test.js
+++ b/server/routes.test.js
@@ -18,7 +18,7 @@ describe('#index', async () => {
 
   it('should render app if there is an accessToken', async () => {
     const res = await server.get('/', {
-      headers: { authorization: 'Bearer thisIsAnAccessToken' },
+      headers: { Cookie: ['accessToken=12345667'] },
     });
     const html = await res.text();
     expect(res.status).toEqual(200);