diff --git a/RestWrite.js b/RestWrite.js
index ea7b2225..e1f3b624 100644
--- a/RestWrite.js
+++ b/RestWrite.js
@@ -237,6 +237,8 @@ RestWrite.prototype.handleFacebookAuthData = function() {
             response: results[0],
             location: this.location()
           };
+          this.data.objectId = results[0].objectId;
+          this.data.createdWith = "facebook";
           return;
         }
 
@@ -262,7 +264,7 @@ RestWrite.prototype.handleFacebookAuthData = function() {
 
 // The non-third-party parts of User transformation
 RestWrite.prototype.transformUser = function() {
-  if (this.response || this.className !== '_User') {
+  if (this.className !== '_User') {
     return;
   }
 
@@ -273,6 +275,8 @@ RestWrite.prototype.transformUser = function() {
     this.storage['token'] = token;
     promise = promise.then(() => {
       // TODO: Proper createdWith options, pass installationId
+      var expiresAt = new Date();
+      expiresAt.setFullYear(expiresAt.getFullYear() + 1);
       var sessionData = {
         sessionToken: token,
         user: {
@@ -282,10 +286,15 @@ RestWrite.prototype.transformUser = function() {
         },
         createdWith: {
           'action': 'login',
-          'authProvider': 'password'
+          'authProvider': this.data.createdWith || 'password'
         },
-        restricted: false
+        restricted: false,
+        installationId: this.data.installationId,
+        expiresAt: Parse._encode(expiresAt)
       };
+      if (this.response && this.response.response) {
+        this.response.response.sessionToken = token;
+      }
       var create = new RestWrite(this.config, Auth.master(this.config),
                                  '_Session', null, sessionData);
       return create.execute();
diff --git a/classes.js b/classes.js
index dc33eab0..98e94871 100644
--- a/classes.js
+++ b/classes.js
@@ -41,6 +41,14 @@ function handleFind(req) {
   return rest.find(req.config, req.auth,
                    req.params.className, body.where, options)
     .then((response) => {
+      if (response && response.results) {
+        for (result of response.results) {
+          if (result.sessionToken) {
+            result.sessionToken = req.info.sessionToken || result.sessionToken;
+          }
+        }
+        response.results.sessionToken
+      }
       return {response: response};
     });
 }
diff --git a/transform.js b/transform.js
index 0285e837..ee43b8af 100644
--- a/transform.js
+++ b/transform.js
@@ -48,7 +48,7 @@ function transformKeyValue(schema, className, restKey, restValue, options) {
     break;
   case 'expiresAt':
   case '_expiresAt':
-    key = '_expiresAt';
+    key = 'expiresAt';
     timeField = true;
     break;
   case '_rperm':
diff --git a/users.js b/users.js
index 76deec7c..8694d0ce 100644
--- a/users.js
+++ b/users.js
@@ -10,13 +10,16 @@ var facebook = require('./facebook');
 var PromiseRouter = require('./PromiseRouter');
 var rest = require('./rest');
 var RestWrite = require('./RestWrite');
+var deepcopy = require('deepcopy');
 
 var router = new PromiseRouter();
 
 // Returns a promise for a {status, response, location} object.
 function handleCreate(req) {
+  var data = deepcopy(req.body);
+  data.installationId = req.info.installationId;
   return rest.create(req.config, req.auth,
-                     '_User', req.body);
+                     '_User', data);
 }
 
 // Returns a promise for a {response} object.