diff --git a/cmd/pomerium/main.go b/cmd/pomerium/main.go
index 51d23c2bb..8531be228 100644
--- a/cmd/pomerium/main.go
+++ b/cmd/pomerium/main.go
@@ -8,22 +8,22 @@ import (
 	"os"
 	"time"
 
-	"github.com/pomerium/pomerium/internal/metrics"
-
 	"github.com/fsnotify/fsnotify"
+	"github.com/spf13/viper"
+	"google.golang.org/grpc"
+
 	"github.com/pomerium/pomerium/authenticate"
 	"github.com/pomerium/pomerium/authorize"
 	"github.com/pomerium/pomerium/internal/config"
 	"github.com/pomerium/pomerium/internal/https"
 	"github.com/pomerium/pomerium/internal/log"
+	"github.com/pomerium/pomerium/internal/metrics"
 	"github.com/pomerium/pomerium/internal/middleware"
 	"github.com/pomerium/pomerium/internal/urlutil"
 	"github.com/pomerium/pomerium/internal/version"
 	pbAuthenticate "github.com/pomerium/pomerium/proto/authenticate"
 	pbAuthorize "github.com/pomerium/pomerium/proto/authorize"
 	"github.com/pomerium/pomerium/proxy"
-	"github.com/spf13/viper"
-	"google.golang.org/grpc"
 )
 
 var versionFlag = flag.Bool("version", false, "prints the version")
@@ -90,7 +90,7 @@ func main() {
 	}
 
 	if srv, err := startRedirectServer(opt.HTTPRedirectAddr); err != nil {
-		log.Debug().Err(err).Msg("cmd/pomerium: http redirect server not started")
+		log.Debug().Str("cause", err.Error()).Msg("cmd/pomerium: http redirect server not started")
 	} else {
 		defer srv.Close()
 	}
diff --git a/internal/metrics/exporter.go b/internal/metrics/exporter.go
index 09b9f18c8..1295ef613 100644
--- a/internal/metrics/exporter.go
+++ b/internal/metrics/exporter.go
@@ -1,4 +1,4 @@
-package metrics
+package metrics // import "github.com/pomerium/pomerium/internal/metrics"
 
 import (
 	"net/http"
diff --git a/internal/metrics/exporter_test.go b/internal/metrics/exporter_test.go
index 6738dcd43..2d9b1566f 100644
--- a/internal/metrics/exporter_test.go
+++ b/internal/metrics/exporter_test.go
@@ -1,4 +1,4 @@
-package metrics
+package metrics // import "github.com/pomerium/pomerium/internal/metrics"
 
 import (
 	"bytes"
diff --git a/internal/metrics/middleware.go b/internal/metrics/middleware.go
index c9546b6d7..06d434154 100644
--- a/internal/metrics/middleware.go
+++ b/internal/metrics/middleware.go
@@ -1,4 +1,4 @@
-package metrics
+package metrics // import "github.com/pomerium/pomerium/internal/metrics"
 
 import (
 	"context"
@@ -6,13 +6,11 @@ import (
 	"strconv"
 	"time"
 
-	"github.com/pomerium/pomerium/internal/middleware/responsewriter"
-
+	"go.opencensus.io/stats"
+	"go.opencensus.io/stats/view"
 	"go.opencensus.io/tag"
 
-	"go.opencensus.io/stats/view"
-
-	"go.opencensus.io/stats"
+	"github.com/pomerium/pomerium/internal/middleware/responsewriter"
 )
 
 var (
@@ -26,14 +24,14 @@ var (
 	httpRequestDuration = stats.Int64("http_server_request_duration_ms", "HTTP Request duration in ms", "ms")
 
 	views = []*view.View{
-		&view.View{
+		{
 			Name:        httpRequestCount.Name(),
 			Measure:     httpRequestCount,
 			Description: httpRequestCount.Description(),
 			TagKeys:     []tag.Key{keyService, keyHost, keyMethod, keyStatus},
 			Aggregation: view.Count(),
 		},
-		&view.View{
+		{
 			Name:        httpRequestDuration.Name(),
 			Measure:     httpRequestDuration,
 			Description: httpRequestDuration.Description(),
@@ -46,7 +44,7 @@ var (
 				100000,
 			),
 		},
-		&view.View{
+		{
 			Name:        httpResponseSize.Name(),
 			Measure:     httpResponseSize,
 			Description: httpResponseSize.Description(),
diff --git a/internal/metrics/middleware_test.go b/internal/metrics/middleware_test.go
index 83c25d952..43f320123 100644
--- a/internal/metrics/middleware_test.go
+++ b/internal/metrics/middleware_test.go
@@ -1,4 +1,4 @@
-package metrics
+package metrics // import "github.com/pomerium/pomerium/internal/metrics"
 
 import (
 	"bytes"
diff --git a/proxy/handlers.go b/proxy/handlers.go
index 52de7427b..b80559804 100644
--- a/proxy/handlers.go
+++ b/proxy/handlers.go
@@ -229,16 +229,13 @@ func isCORSPreflight(r *http.Request) bool {
 func (p *Proxy) Proxy(w http.ResponseWriter, r *http.Request) {
 	if !p.shouldSkipAuthentication(r) {
 		s, err := p.restStore.LoadSession(r)
-		if err != nil {
-			log.FromRequest(r).Debug().Err(err).Msg("proxy: no bearer auth token found")
-		}
-
-		if s == nil {
+		// if authorization bearer token does not exist or fails, use cookie store
+		if err != nil || s == nil {
 			s, err = p.sessionStore.LoadSession(r)
 			if err != nil {
 				switch err {
 				case http.ErrNoCookie, sessions.ErrLifetimeExpired, sessions.ErrInvalidSession:
-					log.FromRequest(r).Debug().Err(err).Msg("proxy: invalid session")
+					log.FromRequest(r).Debug().Str("cause", err.Error()).Msg("proxy: invalid session, start auth process")
 					p.sessionStore.ClearSession(w, r)
 					p.OAuthStart(w, r)
 					return