diff --git a/bigbluebutton-html5/imports/api/users/server/methods/validateAuthToken.js b/bigbluebutton-html5/imports/api/users/server/methods/validateAuthToken.js
index 0f01fb0c2d95378063180efdedafbc1de0290284..dc7f37e7dae2d3295eed00bea5ef379ea31e0cc7 100644
--- a/bigbluebutton-html5/imports/api/users/server/methods/validateAuthToken.js
+++ b/bigbluebutton-html5/imports/api/users/server/methods/validateAuthToken.js
@@ -2,12 +2,35 @@ import { Meteor } from 'meteor/meteor';
 import RedisPubSub from '/imports/startup/server/redis';
 import Logger from '/imports/startup/server/logger';
 import pendingAuthenticationsStore from '../store/pendingAuthentications';
+import BannedUsers from '../store/bannedUsers';
+import Users from '/imports/api/users';
 
-export default function validateAuthToken(meetingId, requesterUserId, requesterToken) {
+export default function validateAuthToken(meetingId, requesterUserId, requesterToken, externalId) {
   const REDIS_CONFIG = Meteor.settings.private.redis;
   const CHANNEL = REDIS_CONFIG.channels.toAkkaApps;
   const EVENT_NAME = 'ValidateAuthTokenReqMsg';
 
+  // Check if externalId is banned from the meeting
+  if (externalId) {
+    if (BannedUsers.has(meetingId, externalId)) {
+      Logger.warn(`A banned user with extId ${externalId} tried to enter in meeting ${meetingId}`);
+      return { invalid: true, reason: 'User has been banned' };
+    }
+  }
+
+  // Prevent users who have left or been ejected to use the same sessionToken again.
+  const isUserInvalid = Users.findOne({
+    meetingId,
+    userId: requesterUserId,
+    authToken: requesterToken,
+    $or: [{ ejected: true }, { loggedOut: true }],
+  });
+
+  if (isUserInvalid) {
+    Logger.warn(`An invalid sessionToken tried to validateAuthToken meetingId=${meetingId} authToken=${requesterToken}`);
+    return { invalid: true, reason: 'User has an invalid sessionToken' };
+  }
+
   // Store reference of methodInvocationObject ( to postpone the connection userId definition )
   pendingAuthenticationsStore.add(meetingId, requesterUserId, requesterToken, this);
 
diff --git a/bigbluebutton-html5/imports/ui/services/auth/index.js b/bigbluebutton-html5/imports/ui/services/auth/index.js
index cc1c7fbf58b1eeb290eda00a33e0a385fe0da17a..3810c9a0e4b345cc3c847fddc731f5098428d423 100755
--- a/bigbluebutton-html5/imports/ui/services/auth/index.js
+++ b/bigbluebutton-html5/imports/ui/services/auth/index.js
@@ -218,7 +218,7 @@ class Auth {
         });
       }, CONNECTION_TIMEOUT);
 
-      const result = await makeCall('checkSessionToken', this.meetingID, this.userID, this.token, this.externUserID);
+      const result = await makeCall('validateAuthToken', this.meetingID, this.userID, this.token, this.externUserID);
 
       if (result && result.invalid) {
         clearTimeout(validationTimeout);