diff --git a/app/assets/javascripts/editor.js b/app/assets/javascripts/editor.js
index 93e3539b..50c51179 100644
--- a/app/assets/javascripts/editor.js
+++ b/app/assets/javascripts/editor.js
@@ -510,7 +510,6 @@ $(function() {
       var jqxhr = $.ajax({
         data: {
           comment: {
-            user_id: user_id,
             file_id: file_id,
             row: row,
             column: 0,
@@ -1014,7 +1013,6 @@ $(function() {
       url: '/request_for_comments',
       data: {
         request_for_comment: {
-          requestor_user_id: user_id,
           exercise_id: exercise_id,
           file_id: file_id,
           "requested_at(1i)": 2015, // these are the timestamp values that the request handler demands
diff --git a/app/controllers/comments_controller.rb b/app/controllers/comments_controller.rb
index 434aa67b..c1aab761 100644
--- a/app/controllers/comments_controller.rb
+++ b/app/controllers/comments_controller.rb
@@ -75,7 +75,7 @@ class CommentsController < ApplicationController
   # POST /comments
   # POST /comments.json
   def create
-    @comment = Comment.new(comment_params.merge(user_type: current_user.class.name))
+    @comment = Comment.new(comment_params)
 
     respond_to do |format|
       if @comment.save
@@ -135,6 +135,6 @@ class CommentsController < ApplicationController
     def comment_params
       #params.require(:comment).permit(:user_id, :file_id, :row, :column, :text)
       # fuer production mode, damit böse menschen keine falsche user_id uebergeben:
-      params.require(:comment).permit(:file_id, :row, :column, :text).merge(user_id: current_user.id)
+      params.require(:comment).permit(:file_id, :row, :column, :text).merge(user_id: current_user.id, user_type: current_user.class.name)
     end
 end
diff --git a/app/controllers/request_for_comments_controller.rb b/app/controllers/request_for_comments_controller.rb
index 2a68619b..9e0a5d49 100644
--- a/app/controllers/request_for_comments_controller.rb
+++ b/app/controllers/request_for_comments_controller.rb
@@ -66,6 +66,6 @@ class RequestForCommentsController < ApplicationController
 
     # Never trust parameters from the scary internet, only allow the white list through.
     def request_for_comment_params
-      params.require(:request_for_comment).permit(:requestor_user_id, :exercise_id, :file_id, :requested_at)
+      params.require(:request_for_comment).permit(:exercise_id, :file_id, :requested_at).merge(requestor_user_id: current_user.id, user_type: current_user.class.name)
     end
 end