diff --git a/server/authenticator.go b/server/authenticator.go
index 65c97b2..ca13ee5 100644
--- a/server/authenticator.go
+++ b/server/authenticator.go
@@ -42,7 +42,7 @@ func (r *Authenticator) Authenticate(path string, exceptions []string) func(next
 				return err
 			}
 			session, error := r.userManager.GetSession(cookie.Value)
-			if error != nil {
+			if error != nil || session == nil {
 				SendError(401, context, fmt.Sprintf("session not found: %s", cookie.Value))
 				return fmt.Errorf("session not found: %s", cookie.Value)
 			}