diff --git a/.circleci/config.yml b/.circleci/config.yml
index 9eba890fa3..89d6880e47 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -164,7 +164,7 @@ parameters:
 default: "main"
 type: string
 sandbox_git_branch: # change to feature branch to test deployment
- default: "rolling-deploys"
+ default: "cm-393-read-regions-permissions"
 type: string
 prod_new_relic_app_id:
 default: "877570491"
diff --git a/src/app.js b/src/app.js
index cf0127b07c..416008f31a 100644
--- a/src/app.js
+++ b/src/app.js
@@ -12,7 +12,7 @@ import { CronJob } from 'cron';
 import { hsesAuth } from './middleware/authMiddleware';
 import updateGrantsGrantees from './lib/updateGrantsGrantees';
-import findOrCreateUser, { getUserReadRegions } from './services/accessValidation';
+import findOrCreateUser from './services/accessValidation';
 import { logger, auditLogger, requestLogger } from './logger';
@@ -82,7 +82,6 @@ app.get(oauth2CallbackPath, async (req, res) => {
 });
 req.session.userId = dbUser.id;
- req.session.readRegions = await getUserReadRegions(dbUser.id);
 auditLogger.info(`User ${dbUser.id} logged in`);
 logger.debug(`referrer path: ${req.session.referrerPath}`);
diff --git a/src/middleware/authMiddleware.js b/src/middleware/authMiddleware.js
index 09b99aa6ec..2fd7bdc4d9 100644
--- a/src/middleware/authMiddleware.js
+++ b/src/middleware/authMiddleware.js
@@ -1,7 +1,7 @@
 import {} from 'dotenv/config';
 import ClientOAuth2 from 'client-oauth2';
 import { auditLogger } from '../logger';
-import { validateUserAuthForAccess, getUserReadRegions } from '../services/accessValidation';
+import { validateUserAuthForAccess } from '../services/accessValidation';
 export const hsesAuth = new ClientOAuth2({
 clientId: process.env.AUTH_CLIENT_ID,
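Review bot: In `.circleci/config.yml` the `sandbox_git_branch` default now names the feature branch `cm-393-read-regions-permissions`, a setting the inline comment describes as being for testing a deployment. If this commit is meant to be merged rather than used only for a sandbox test, the default would leave sandbox deploys tracking a branch that may later be deleted or diverge. I would restore the long-lived value before merge, or extend the inline comment to say when this default has to be reset.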
@@ -45,7 +45,6 @@ export default async function authMiddleware(req, res, next) {
 if (process.env.NODE_ENV !== 'production' && process.env.BYPASS_AUTH === 'true') {
 auditLogger.warn(`Bypassing authentication in authMiddleware - using User ${process.env.CURRENT_USER_ID}`);
 req.session.userId = process.env.CURRENT_USER_ID;
- req.session.readRegions = await getUserReadRegions(process.env.CURRENT_USER_ID);
 }
 let userId = null;
 if (req.session) {
diff --git a/src/routes/activityReports/handlers.js b/src/routes/activityReports/handlers.js
index 8cc848cfbf..4284804d10 100644
--- a/src/routes/activityReports/handlers.js
+++ b/src/routes/activityReports/handlers.js
@@ -15,6 +15,7 @@ import {
 import { goalsForGrants } from '../../services/goals';
 import { userById, usersWithPermissions } from '../../services/users';
 import { REPORT_STATUSES, DECIMAL_BASE } from '../../constants';
+import { getUserReadRegions } from '../../services/accessValidation';
 const { APPROVE_REPORTS } = SCOPES;
@@ -200,7 +201,7 @@ export async function getReport(req, res) {
 * @param {*} res - response
 */
 export async function getReports(req, res) {
- const { readRegions } = req.session;
+ const readRegions = await getUserReadRegions(req.session.userId);
 const reportsWithCount = await activityReports(readRegions, req.query);
 if (!reportsWithCount) {
 res.sendStatus(404);
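Review bot: In `getReports`, the list returned by `getUserReadRegions(req.session.userId)` is now the only region filter passed to `activityReports`, and nothing visible in the hunk says what happens when that list is empty or when the lookup rejects. Confirm that `activityReports` returns no rows for an empty list rather than an unfiltered result, and that a rejected lookup ends in an error response; the function body continues past the hunk, so a `try`/`catch` may already exist there. Since the commit stops writing `req.session.readRegions` at login and in the bypass path, any other reader of that session field would now see `undefined`; only this handler is updated in the visible hunks. I would also add a comment above the call such as `// Resolve read regions per request so permission changes apply without a new login.`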