diff --git a/src/main/java/org/olat/core/commons/controllers/resume/ResumeController.java b/src/main/java/org/olat/core/commons/controllers/resume/ResumeController.java
index fba11b4e914091c3dc99a6a81cb7c1656e26f70f..9f699ac91510a4d0ff86546d25bb07be92edab1b 100644
--- a/src/main/java/org/olat/core/commons/controllers/resume/ResumeController.java
+++ b/src/main/java/org/olat/core/commons/controllers/resume/ResumeController.java
@@ -99,7 +99,8 @@ public class ResumeController extends FormBasicController {
 		if(source.equals(noButton)){
 			savePreferences(ureq, "none");			
 			fireEvent (ureq, new Event("no"));
-		} else if(source.equals(landingButton)){		
+		} else if(source.equals(landingButton)){
+			savePreferences(ureq, "none");		
 			fireEvent (ureq, new Event("landing"));
 		}
 	}
diff --git a/src/test/java/org/olat/basesecurity/SecurityManagerTest.java b/src/test/java/org/olat/basesecurity/SecurityManagerTest.java
index e73fcd940639c9586528c3a5f07bdc700eaf9774..dab0261c31852f4652320a0395beebfa39b359a8 100644
--- a/src/test/java/org/olat/basesecurity/SecurityManagerTest.java
+++ b/src/test/java/org/olat/basesecurity/SecurityManagerTest.java
@@ -36,6 +36,7 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
+import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Ignore;
 import org.junit.Test;
@@ -197,10 +198,22 @@ public class SecurityManagerTest extends OlatTestCase {
 		assertEquals(testLogin,authentication.getAuthusername());
 	}
 
-	@Test public void testFindAuthenticationByAuthusername() {
+	@Test
+	public void testFindAuthenticationByAuthusername() {
 		Authentication authentication = securityManager.findAuthenticationByAuthusername(testLogin, BaseSecurityModule.getDefaultAuthProviderIdentifier());
 		assertEquals(testLogin,authentication.getAuthusername());
 	}
+	
+	@Test
+	public void testFindAuthenticationByAuthusername_attack() {
+		String testLoginHacked = "*est-logi*";
+		Authentication authentication1 = securityManager.findAuthenticationByAuthusername(testLoginHacked, BaseSecurityModule.getDefaultAuthProviderIdentifier());
+		Assert.assertNull(authentication1);
+		
+		String testLoginHacked2 = "$est-login";
+		Authentication authentication2 = securityManager.findAuthenticationByAuthusername(testLoginHacked2, BaseSecurityModule.getDefaultAuthProviderIdentifier());
+		Assert.assertNull(authentication2);	
+	}
 
 	@Test @Ignore
 	public void testCountUniqueUserLoginsSince(){