check for token before session

server/api/user_handler.go

@@ -838,12 +838,6 @@ func (app *App) sendUser(w http.ResponseWriter, userID uint, email string, email
 }
 
 func (app *App) getUserIDFromRequest(r *http.Request) (uint, error) {
-	session, err := app.Store.Get(r, app.ServerConf.CookieName)
-
-	if err != nil {
-		return 0, err
-	}
-
 	// first, check for token
 	tok := app.getTokenFromRequest(r)
 
@@ -851,6 +845,12 @@ func (app *App) getUserIDFromRequest(r *http.Request) (uint, error) {
 		return tok.IBy, nil
 	}
 
+	session, err := app.Store.Get(r, app.ServerConf.CookieName)
+
+	if err != nil {
+		return 0, err
+	}
+
 	userID, _ := session.Values["user_id"].(uint)
 
 	return userID, nil