diff --git a/src/main/java/de/thm/arsnova/services/SessionService.java b/src/main/java/de/thm/arsnova/services/SessionService.java
index 8d2e0869d7f975bfb0dcafbddd4619d65ba59d6e..869acf1d6040718e0fd9843028a1f7e4d5b5d709 100644
--- a/src/main/java/de/thm/arsnova/services/SessionService.java
+++ b/src/main/java/de/thm/arsnova/services/SessionService.java
@@ -233,6 +233,10 @@ public class SessionService implements ISessionService {
 	@Override
 	public Session setActive(String sessionkey, Boolean lock) {
 		Session session = databaseDao.getSessionFromKeyword(sessionkey);
+		User user = userService.getCurrentUser();
+		if (!session.isCreator(user)) {
+			throw new ForbiddenException();
+		}
 		return databaseDao.lockSession(session, lock);
 	}
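Review bot: The added ownership check calls `session.isCreator(user)` without confirming that either value is present. If `databaseDao.getSessionFromKeyword(sessionkey)` can return null for an unknown key, or `userService.getCurrentUser()` can return null for an unauthenticated caller (neither is visible in this hunk), the request fails with a NullPointerException or depends on how `isCreator` treats null, rather than giving a deliberate not-found or forbidden response. I would add a null check on `session` before the ownership test that fails with the project's not-found error, and make the guard explicit with `if (user == null || !session.isCreator(user)) {`. A short comment such as `// only the session creator may lock or unlock the session` above the check would record the intended access rule.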