diff --git a/auth.py b/auth.py
index 87b4d649bcfee469e6da50e2f0c58a2b6c5e6f54..42a5f4c70e28b90627b22520d811699efcf18032 100644
--- a/auth.py
+++ b/auth.py
@@ -161,7 +161,10 @@ class SecurityManager:
         summary, hash = map(lambda s: s.encode("utf-8"), parts)
         maccer = self.maccer.copy()
         maccer.update(summary)
-        session_duration = datetime.now() - User.from_hashstring(string).timestamp
+        user = User.from_hashstring(string)
+        if user is None:
+            return False
+        session_duration = datetime.now() - user.timestamp
         macs_equal = hmac.compare_digest(maccer.hexdigest().encode("utf-8"), hash)
         time_short = int(session_duration.total_seconds()) < self.max_duration 
         return macs_equal and time_short
diff --git a/server.py b/server.py
index de2fbe8ae40c9e3cfff567ac184b2a0d128a5603..543a9c1d45c82f7e2f1f4760f03649fa813f5ef2 100755
--- a/server.py
+++ b/server.py
@@ -1328,7 +1328,7 @@ def new_like():
 
 @app.route("/login", methods=["GET", "POST"])
 def login():
-    if "auth" in session:
+    if "auth" in session and current_user() is not None:
         flash("You are already logged in.", "alert-success")
         return redirect(request.args.get("next") or url_for("index"))
     form = LoginForm()