diff --git a/server/login/login.go b/server/login/login.go
index 1744c7db114a9bc12c73dada3253ace9540f763f..6bcd9410d89969f94f9a480db9a13e32faaaf97c 100644
--- a/server/login/login.go
+++ b/server/login/login.go
@@ -162,6 +162,11 @@ func (l *Login) fetchOrInitSession(req *http.Request) *loginSession {
 	if err != nil {
 		return new(loginSession)
 	}
+	// Check our own Deadline anyway (for authenticated sessions), do not
+	// necessarily trust the securecookie.
+	if !session.Deadline.IsZero() && time.Now().UTC().After(session.Deadline) {
+		return new(loginSession)
+	}
 	return session
 }