diff --git a/src/main/java/de/thm/arsnova/services/SessionService.java b/src/main/java/de/thm/arsnova/services/SessionService.java
index 816ea46071b199b0be28a9102432039411a70351..ea272023a1ef03a0738bda58d3a1f6e9e4e72c63 100644
--- a/src/main/java/de/thm/arsnova/services/SessionService.java
+++ b/src/main/java/de/thm/arsnova/services/SessionService.java
@@ -235,7 +235,6 @@ public class SessionService implements ISessionService {
 
 	@Override
 	@PreAuthorize("isAuthenticated() and hasPermission(#session, 'owner')")
-	//@PreAuthorize("isAuthenticated() and hasPermission(#sessionkey, 'session', 'owner')")
 	public Session updateSession(String sessionkey, Session session) {
 		return databaseDao.updateSession(session);
 	}
diff --git a/src/test/java/de/thm/arsnova/controller/LecturerQuestionControllerTest.java b/src/test/java/de/thm/arsnova/controller/LecturerQuestionControllerTest.java
index 5450c311f2373b8e61749632ff54134dd4892a54..cd68100c7aa493a3e0fed60d24b7a3043f0e1cb2 100644
--- a/src/test/java/de/thm/arsnova/controller/LecturerQuestionControllerTest.java
+++ b/src/test/java/de/thm/arsnova/controller/LecturerQuestionControllerTest.java
@@ -6,6 +6,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import java.util.ArrayList;
 import java.util.List;
 
+import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -44,13 +45,7 @@ public class LecturerQuestionControllerTest {
 	@Autowired
 	private WebApplicationContext webApplicationContext;
 
-	@Before
-	public void setup() {
-		mockMvc = MockMvcBuilders.webAppContextSetup(webApplicationContext).build();
-	}
-
 	private void setAuthenticated(boolean isAuthenticated, String username) {
-		SecurityContextHolder.clearContext();
 		if (isAuthenticated) {
 			List<GrantedAuthority> ga = new ArrayList<GrantedAuthority>();
 			UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, "secret", ga);
@@ -61,6 +56,18 @@ public class LecturerQuestionControllerTest {
 		}
 	}
 
+	@Before
+	public final void startup() {
+		mockMvc = MockMvcBuilders.webAppContextSetup(webApplicationContext).build();
+		SecurityContextHolder.clearContext();
+	}
+
+	@After
+	public final void cleanup() {
+		SecurityContextHolder.clearContext();
+		userService.setUserAuthenticated(false);
+	}
+
 	@Test
 	public void testShouldNotGetLecturerQuestionsIfUnauthorized() throws Exception {
 		setAuthenticated(false, "nobody");
diff --git a/src/test/java/de/thm/arsnova/controller/SessionControllerTest.java b/src/test/java/de/thm/arsnova/controller/SessionControllerTest.java
index 3512a8999532a7aa693d9fe1167d7aa64d3c9606..61668ec38cd63b1ba5b08a1a75208f50edc56f86 100644
--- a/src/test/java/de/thm/arsnova/controller/SessionControllerTest.java
+++ b/src/test/java/de/thm/arsnova/controller/SessionControllerTest.java
@@ -7,6 +7,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import java.util.ArrayList;
 import java.util.List;
 
+import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -46,25 +47,32 @@ public class SessionControllerTest {
 	@Autowired
 	private WebApplicationContext webApplicationContext;
 
-	@Before
-	public void setup() {
-		mockMvc = MockMvcBuilders.webAppContextSetup(webApplicationContext).build();
-	}
-
-	private void setAuthenticated(boolean isAuthenticated) {
+	private void setAuthenticated(boolean isAuthenticated, String username) {
 		if (isAuthenticated) {
 			List<GrantedAuthority> ga = new ArrayList<GrantedAuthority>();
-			UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("ptsr00", "secret", ga);
+			UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, "secret", ga);
 			SecurityContextHolder.getContext().setAuthentication(token);
+			userService.setUserAuthenticated(isAuthenticated, username);
 		} else {
-			SecurityContextHolder.clearContext();
+			userService.setUserAuthenticated(isAuthenticated);
 		}
-		userService.setUserAuthenticated(isAuthenticated);
+	}
+
+	@Before
+	public final void startup() {
+		mockMvc = MockMvcBuilders.webAppContextSetup(webApplicationContext).build();
+		SecurityContextHolder.clearContext();
+	}
+
+	@After
+	public final void cleanup() {
+		SecurityContextHolder.clearContext();
+		userService.setUserAuthenticated(false);
 	}
 
 	@Test
 	public void testShouldNotGetUnknownSession() throws Exception {
-		setAuthenticated(true);
+		setAuthenticated(true, "ptsr00");
 
 		mockMvc.perform(get("/session/00000000"))
 		.andExpect(status().isNotFound());
@@ -72,7 +80,7 @@ public class SessionControllerTest {
 
 	@Test
 	public void testShouldNotGetUnknownSessionIfUnauthorized() throws Exception {
-		setAuthenticated(false);
+		setAuthenticated(false, "ptsr00");
 
 		mockMvc.perform(get("/session/00000000"))
 		.andExpect(status().isUnauthorized());
@@ -80,7 +88,7 @@ public class SessionControllerTest {
 
 	@Test
 	public void testShouldCreateSessionIfUnauthorized() throws Exception {
-		setAuthenticated(false);
+		setAuthenticated(false, "ptsr00");
 
 		mockMvc.perform(post("/session/").contentType(MediaType.APPLICATION_JSON).content("{\"keyword\":12345678}"))
 		.andExpect(status().isUnauthorized());
@@ -88,7 +96,7 @@ public class SessionControllerTest {
 
 	@Test
 	public void testShouldNotReturnMySessionsIfUnauthorized() throws Exception {
-		setAuthenticated(false);
+		setAuthenticated(false, "ptsr00");
 
 		mockMvc.perform(get("/session/").param("ownedonly", "true"))
 		.andExpect(status().isUnauthorized());
@@ -96,7 +104,7 @@ public class SessionControllerTest {
 
 	@Test
 	public void testShouldNotReturnMyVisitedSessionsIfUnauthorized() throws Exception {
-		setAuthenticated(false);
+		setAuthenticated(false, "ptsr00");
 
 		mockMvc.perform(get("/session/").param("visitedonly", "true"))
 		.andExpect(status().isUnauthorized());
@@ -104,7 +112,7 @@ public class SessionControllerTest {
 
 	@Test
 	public void testShouldShowUnimplementedIfNoFlagIsSet() throws Exception {
-		setAuthenticated(false);
+		setAuthenticated(false, "ptsr00");
 
 		mockMvc.perform(get("/session/"))
 		.andExpect(status().isNotImplemented());
diff --git a/src/test/java/de/thm/arsnova/services/QuestionServiceTest.java b/src/test/java/de/thm/arsnova/services/QuestionServiceTest.java
index 4fb11fe632fc708e7aefc38f18582c663b1e8690..40b9728779a80c9040d0ef15e38bac0bfda5a59e 100644
--- a/src/test/java/de/thm/arsnova/services/QuestionServiceTest.java
+++ b/src/test/java/de/thm/arsnova/services/QuestionServiceTest.java
@@ -79,8 +79,7 @@ public class QuestionServiceTest {
 
 	@After
 	public final void cleanup() {
-		//databaseDao.cleanupTestData();
-		//setAuthenticated(false, "ptsr00");
+		SecurityContextHolder.clearContext();
 	}
 
 	@Test(expected = AuthenticationCredentialsNotFoundException.class)
diff --git a/src/test/java/de/thm/arsnova/services/SessionServiceTest.java b/src/test/java/de/thm/arsnova/services/SessionServiceTest.java
index c8ee1deca6c9db8ec4e2522197c7cb87f8f701cb..986a54f0134233d68aa4eac62b73afde1cedac7a 100644
--- a/src/test/java/de/thm/arsnova/services/SessionServiceTest.java
+++ b/src/test/java/de/thm/arsnova/services/SessionServiceTest.java
@@ -31,6 +31,7 @@ import java.util.Arrays;
 import java.util.List;
 
 import org.junit.After;
+import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.aop.framework.Advised;
@@ -69,19 +70,7 @@ public class SessionServiceTest {
 	@Autowired
 	private StubDatabaseDao databaseDao;
 
-	@After
-	public final void cleanup() {
-		databaseDao.cleanupTestData();
-		userService.setUserAuthenticated(false);
-	}
-
-	@Test
-	public void testShouldGenerateSessionKeyword() {
-		assertTrue(sessionService.generateKeyword().matches("^[0-9]{8}$"));
-	}
-
 	private void setAuthenticated(boolean isAuthenticated, String username) {
-		SecurityContextHolder.clearContext();
 		if (isAuthenticated) {
 			List<GrantedAuthority> ga = new ArrayList<GrantedAuthority>();
 			UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, "secret", ga);
@@ -92,6 +81,23 @@ public class SessionServiceTest {
 		}
 	}
 
+	@Before
+	public final void startup() {
+		SecurityContextHolder.clearContext();
+	}
+
+	@After
+	public final void cleanup() {
+		databaseDao.cleanupTestData();
+		SecurityContextHolder.clearContext();
+		userService.setUserAuthenticated(false);
+	}
+
+	@Test
+	public void testShouldGenerateSessionKeyword() {
+		assertTrue(sessionService.generateKeyword().matches("^[0-9]{8}$"));
+	}
+
 	@Test(expected = NotFoundException.class)
 	public void testShouldFindNonExistantSession() {
 		setAuthenticated(true, "ptsr00");