diff --git a/src/main/java/org/olat/dispatcher/AuthenticatedDispatcher.java b/src/main/java/org/olat/dispatcher/AuthenticatedDispatcher.java
index 3dfad765e6cd3e2f7deaa08372d5e4de383e4c36..fec85d6039d71ed7e9bb19759e0da4c0e6c7597c 100644
--- a/src/main/java/org/olat/dispatcher/AuthenticatedDispatcher.java
+++ b/src/main/java/org/olat/dispatcher/AuthenticatedDispatcher.java
@@ -160,20 +160,9 @@ public class AuthenticatedDispatcher implements Dispatcher {
 
 		// authenticated!
 		try {
-			
 			//kill session if not secured via SSL
 			if (forceSecureAccessOnly && !request.isSecure()) {
-				SessionInfo sessionInfo = usess.getSessionInfo();
-				if (sessionInfo!=null) {
-					HttpSession session = sessionInfo.getSession();
-					if (session!=null) {
-						try{
-							session.invalidate();
-						} catch(IllegalStateException ise) {
-							// thrown when session already invalidated. fine. ignore.
-						}
-					}
-				}
+				invalidateSession(usess);
 				redirectToDefaultDispatcher(request, response);
 				return;
 			}
@@ -267,7 +256,14 @@ public class AuthenticatedDispatcher implements Dispatcher {
 	}
 	
 	private void processValidDispatchURI(UserRequest ureq, UserSession usess, HttpServletRequest request, HttpServletResponse response) {
-		Windows ws = Windows.getWindows(ureq);
+		Windows ws;
+		try {
+			ws = Windows.getWindows(ureq);
+		} catch (IllegalStateException e) {
+			log.error("", e);// session was invalidate, return to login screen
+			redirectToDefaultDispatcher(request, response);
+			return;
+		}
 		ws.disposeClosedWindows(ureq);
 		Window window = ws.getWindow(ureq);
 		if (window == null) {
@@ -283,6 +279,20 @@ public class AuthenticatedDispatcher implements Dispatcher {
 		}
 	}
 	
+	private void invalidateSession(UserSession usess) {
+		SessionInfo sessionInfo = usess.getSessionInfo();
+		if (sessionInfo!=null) {
+			HttpSession session = sessionInfo.getSession();
+			if (session!=null) {
+				try{
+					session.invalidate();
+				} catch(IllegalStateException ise) {
+					// thrown when session already invalidated. fine. ignore.
+				}
+			}
+		}
+	}
+	
 	private void redirectToDefaultDispatcher(HttpServletRequest request, HttpServletResponse response) {
 		if(ServletUtil.acceptJson(request)) {
 			try {