diff --git a/files/classes/user.py b/files/classes/user.py
index d455abc92..0b59b1362 100644
--- a/files/classes/user.py
+++ b/files/classes/user.py
@@ -366,7 +366,7 @@ class User(Base):
 return generate_hash(msg)
 def validate_formkey(self, formkey):
-
+ if not formkey: return False
 return validate_hash(f"{session['session_id']}+{self.id}+{self.login_nonce}", formkey)
 @property
diff --git a/files/helpers/security.py b/files/helpers/security.py
index f921b805d..005d74086 100644
--- a/files/helpers/security.py
+++ b/files/helpers/security.py
@@ -13,7 +13,7 @@ def generate_hash(string):
 def validate_hash(string, hashstr):
-
+ if not string or not hashstr: return False
 return hmac.compare_digest(hashstr, generate_hash(string))
diff --git a/files/helpers/wrappers.py b/files/helpers/wrappers.py
index 429ab2839..533582aa7 100644
--- a/files/helpers/wrappers.py
+++ b/files/helpers/wrappers.py
@@ -27,19 +27,22 @@ def get_logged_in_user():
 id = int(lo_user)
 v = g.db.query(User).get(id)
 if v:
+ v.client = None
 nonce = session.get("login_nonce", 0)
- if nonce < v.login_nonce or v.id != id: abort(401)
+ if nonce < v.login_nonce or v.id != id:
+ session.pop("lo_user")
+ v = None
- if request.method != "GET":
+ if v and request.method != "GET":
 submitted_key = request.values.get("formkey")
 if not submitted_key and request.is_json:
 json = request.get_json(silent=True)
 if json and type(json) is dict:
 submitted_key = json.get('formkey')
- if not submitted_key: abort(401)
- if not v.validate_formkey(submitted_key): abort(401)
-
- v.client = None
+ if not v.validate_formkey(submitted_key):
+ v = None
+ else:
+ session.pop("lo_user")
 if request.method.lower() != "get" \
 and app.config['SETTINGS']['Read-only mode'] \
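Review bot: The new guard in validate_formkey only rejects a falsy formkey; a non-string value still reaches hmac.compare_digest inside validate_hash, which raises TypeError for anything that is not str/bytes (and for a str containing non-ASCII characters), so a malformed token produces a 500 instead of False. The JSON path in get_logged_in_user hands `json.get('formkey')` through unchanged, so the value is client-controlled in type as well as content. A type check next to the truthiness test closes it: `if not isinstance(formkey, str) or not formkey: return False`. The guard added to validate_hash in files/helpers/security.py has the same gap, and placing the same check there would cover every caller of that helper.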
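Review bot: validate_hash gains an early return but still has no docstring, and since it is the one place a caller-supplied digest meets a freshly computed one, the contract is worth stating: `"""Return True iff *hashstr* equals generate_hash(*string*), compared in constant time; empty inputs return False without computing a hash."""`. The guard also silently covers the case where *string* itself is empty, which callers such as validate_formkey never produce, so a one-line comment such as `# both operands must be non-empty; a missing secret must never validate` would make that intent explicit. generate_hash is defined just above this hunk, outside it.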
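Review bot: A non-GET request whose formkey fails validation is no longer rejected — the new branch sets `v = None` and the request continues as anonymous, so every state-changing route now depends on its own handling of a missing user where the wrapper previously stopped the request with abort(401). If that downgrade is intended, a comment on the `if not v.validate_formkey(submitted_key):` branch explaining why a bad formkey is treated like no login rather than as an error would help the next reader, and it is worth noting that this branch, unlike the nonce branch above it, leaves lo_user in the session. Both new `session.pop("lo_user")` calls raise KeyError if the key is absent; `session.pop("lo_user", None)` is the safe form. The indentation of the added `else:` is lost in this rendering, so which `if` it pairs with cannot be confirmed here. get_logged_in_user begins before this hunk and continues after it.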