diff --git a/bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/controllers/ApiController.groovy b/bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/controllers/ApiController.groovy
index 5546cae7210b261a2a568cbdead0a46ca76ccdf0..89464c3d4aeeb51491cd6863cc456a8f0a4310fd 100755
--- a/bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/controllers/ApiController.groovy
+++ b/bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/controllers/ApiController.groovy
@@ -1420,10 +1420,12 @@ class ApiController {
     UserSession userSession = null;
 
     String respMessage = "Session " + sessionToken + " not found."
-    if (meetingService.getUserSessionWithAuthToken(sessionToken) == null) {
+    if (!session[sessionToken]) {
+      reject = true;
+    } else if (meetingService.getUserSessionWithAuthToken(sessionToken) == null) {
       reject = true;
       respMessage = "Session " + sessionToken + " not found."
-    }  else {
+    } else {
       us = meetingService.getUserSessionWithAuthToken(sessionToken);
       meeting = meetingService.getMeeting(us.meetingID);
       if (meeting == null || meeting.isForciblyEnded()) {
@@ -1560,7 +1562,9 @@ class ApiController {
       println("Session token = [" + sessionToken + "]")
     }
 
-    if (meetingService.getUserSessionWithAuthToken(sessionToken) == null)
+    if (!session[sessionToken]) {
+      reject = true;
+    } else if (meetingService.getUserSessionWithAuthToken(sessionToken) == null)
       reject = true;
     else {
       us = meetingService.getUserSessionWithAuthToken(sessionToken);