diff --git a/lib/models/access-token.js b/lib/models/access-token.js
index 14e57326..3ea22d35 100644
--- a/lib/models/access-token.js
+++ b/lib/models/access-token.js
@@ -174,13 +174,14 @@ function tokenIdForRequest(req, options) {
     }
   }
 
-  for(i = 0, length = headers.length; i < length; i++) {
-    id = req.signedCookies[cookies[i]];
+  if(req.signedCookies) {
+    for(i = 0, length = headers.length; i < length; i++) {
+      id = req.signedCookies[cookies[i]];
 
-    if(typeof id === 'string') {
-      return id;
+      if(typeof id === 'string') {
+        return id;
+      }
     }
   }
-
   return null;
 }
diff --git a/lib/models/acl.js b/lib/models/acl.js
index 323d44ab..0f949d98 100644
--- a/lib/models/acl.js
+++ b/lib/models/acl.js
@@ -34,7 +34,7 @@
 var loopback = require('../loopback');
 var async = require('async');
 var assert = require('assert');
-var debug = require('debug')('acl');
+var debug = require('debug')('loopback:security:acl');
 
 var ctx = require('./access-context');
 var AccessContext = ctx.AccessContext;
@@ -242,7 +242,7 @@ ACL.getStaticACLs = function getStaticACLs(model, property) {
       }));
     });
   }
-  debug('getStaticACLs() returns: %s', staticACLs);
+  debug('getStaticACLs() returns: %j', staticACLs);
   return staticACLs;
 };
 
diff --git a/lib/models/role.js b/lib/models/role.js
index c2874d5a..adc544c6 100644
--- a/lib/models/role.js
+++ b/lib/models/role.js
@@ -1,5 +1,5 @@
 var loopback = require('../loopback');
-var debug = require('debug')('role');
+var debug = require('debug')('loopback:security:role');
 var assert = require('assert');
 var async = require('async');
 
@@ -200,7 +200,7 @@ Role.isOwner = function isOwner(modelClass, modelId, userId, callback) {
   // Is the modelClass User or a subclass of User?
   if(isUserClass(modelClass)) {
     process.nextTick(function() {
-      callback(null, modelId === userId);
+      callback(null, modelId == userId);
     });
     return;
   }