diff --git a/rhodecode/controllers/login.py b/rhodecode/controllers/login.py
--- a/rhodecode/controllers/login.py
+++ b/rhodecode/controllers/login.py
@@ -7,7 +7,7 @@
 
     :created_on: Apr 22, 2010
     :author: marcink
-    :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
+    :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
     :license: GPLv3, see COPYING for more details.
 """
 # This program is free software: you can redistribute it and/or modify
@@ -38,6 +38,7 @@ from rhodecode.lib.base import BaseContr
 from rhodecode.model.db import User
 from rhodecode.model.forms import LoginForm, RegisterForm, PasswordResetForm
 from rhodecode.model.user import UserModel
+from rhodecode.model.meta import Session
 
 
 log = logging.getLogger(__name__)
@@ -49,7 +50,7 @@ class LoginController(BaseController):
         super(LoginController, self).__before__()
 
     def index(self):
-        #redirect if already logged in
+        # redirect if already logged in
         c.came_from = request.GET.get('came_from', None)
 
         if self.rhodecode_user.is_authenticated \
@@ -58,21 +59,28 @@ class LoginController(BaseController):
             return redirect(url('home'))
 
         if request.POST:
-            #import Login Form validator class
+            # import Login Form validator class
             login_form = LoginForm()
             try:
                 c.form_result = login_form.to_python(dict(request.POST))
-                #form checks for username/password, now we're authenticated
+                # form checks for username/password, now we're authenticated
                 username = c.form_result['username']
                 user = User.get_by_username(username, case_insensitive=True)
                 auth_user = AuthUser(user.user_id)
                 auth_user.set_authenticated()
-                session['rhodecode_user'] = auth_user
+                cs = auth_user.get_cookie_store()
+                session['rhodecode_user'] = cs
+                # If they want to be remembered, update the cookie
+                if c.form_result['remember'] is not False:
+                    session.cookie_expires = False
+                    session._set_cookie_values()
+                session._update_cookie_out()
                 session.save()
 
-                log.info('user %s is now authenticated and stored in session',
-                         username)
+                log.info('user %s is now authenticated and stored in '
+                         'session, session attrs %s' % (username, cs))
                 user.update_lastlogin()
+                Session.commit()
 
                 if c.came_from:
                     return redirect(c.came_from)
@@ -92,7 +100,6 @@ class LoginController(BaseController):
     @HasPermissionAnyDecorator('hg.admin', 'hg.register.auto_activate',
                                'hg.register.manual_activate')
     def register(self):
-        user_model = UserModel()
         c.auto_active = False
         for perm in User.get_by_username('default').user_perms:
             if perm.permission.permission_name == 'hg.register.auto_activate':
@@ -105,9 +112,10 @@ class LoginController(BaseController):
             try:
                 form_result = register_form.to_python(dict(request.POST))
                 form_result['active'] = c.auto_active
-                user_model.create_registration(form_result)
+                UserModel().create_registration(form_result)
                 h.flash(_('You have successfully registered into rhodecode'),
                             category='success')
+                Session.commit()
                 return redirect(url('login_home'))
 
             except formencode.Invalid, errors:
@@ -121,13 +129,11 @@ class LoginController(BaseController):
         return render('/register.html')
 
     def password_reset(self):
-        user_model = UserModel()
         if request.POST:
-
             password_reset_form = PasswordResetForm()()
             try:
                 form_result = password_reset_form.to_python(dict(request.POST))
-                user_model.reset_password_link(form_result)
+                UserModel().reset_password_link(form_result)
                 h.flash(_('Your password reset link was sent'),
                             category='success')
                 return redirect(url('login_home'))
@@ -143,13 +149,11 @@ class LoginController(BaseController):
         return render('/password_reset.html')
 
     def password_reset_confirmation(self):
-
         if request.GET and request.GET.get('key'):
             try:
-                user_model = UserModel()
                 user = User.get_by_api_key(request.GET.get('key'))
                 data = dict(email=user.email)
-                user_model.reset_password(data)
+                UserModel().reset_password(data)
                 h.flash(_('Your password reset was successful, '
                           'new password has been sent to your email'),
                             category='success')
@@ -160,7 +164,6 @@ class LoginController(BaseController):
         return redirect(url('login_home'))
 
     def logout(self):
-        del session['rhodecode_user']
-        session.save()
-        log.info('Logging out and setting user as Empty')
+        session.delete()
+        log.info('Logging out and deleting session for user')
         redirect(url('home'))