diff --git a/extra.go b/extra.go
index c41e5e7..0dc9ba3 100644
--- a/extra.go
+++ b/extra.go
@@ -5,9 +5,12 @@ import "context"
 const AUTH_CONTEXT_KEY = iota
 
 func GetAuthStatus(ctx context.Context) (pubkey string, ok bool) {
-	authedPubkey := ctx.Value(AUTH_CONTEXT_KEY)
-	if authedPubkey == nil {
+	value := ctx.Value(AUTH_CONTEXT_KEY)
+	if value == nil {
 		return "", false
 	}
-	return authedPubkey.(string), true
+	if ws, ok := value.(*WebSocket); ok {
+		return ws.authed, true
+	}
+	return "", false
 }
diff --git a/handlers.go b/handlers.go
index e6f0b38..33e7fed 100644
--- a/handlers.go
+++ b/handlers.go
@@ -293,7 +293,6 @@ func (s *Server) doAuth(ctx context.Context, ws *WebSocket, request []json.RawMe
 		}
 		if pubkey, ok := nip42.ValidateAuthEvent(&evt, ws.challenge, auther.ServiceURL()); ok {
 			ws.authed = pubkey
-			ctx = context.WithValue(ctx, AUTH_CONTEXT_KEY, pubkey)
 			ws.WriteJSON(nostr.OKEnvelope{EventID: evt.ID, OK: true})
 		} else {
 			ws.WriteJSON(nostr.OKEnvelope{EventID: evt.ID, OK: false, Reason: "error: failed to authenticate"})
@@ -324,6 +323,8 @@ func (s *Server) handleMessage(ctx context.Context, ws *WebSocket, message []byt
 	var typ string
 	json.Unmarshal(request[0], &typ)
 
+	ctx = context.WithValue(ctx, AUTH_CONTEXT_KEY, ws)
+
 	switch typ {
 	case "EVENT":
 		notice = s.doEvent(ctx, ws, request, store)