diff --git a/src/main/java/de/thm/arsnova/controller/AbstractController.java b/src/main/java/de/thm/arsnova/controller/AbstractController.java
index 755a5625b6b01262b89c700902282acbd20491bc..27eb3d61bf83f6931b7371dbb5c6d1d672766958 100644
--- a/src/main/java/de/thm/arsnova/controller/AbstractController.java
+++ b/src/main/java/de/thm/arsnova/controller/AbstractController.java
@@ -1,67 +1,6 @@
 package de.thm.arsnova.controller;
 
-import javax.servlet.http.HttpServletRequest;
-
-import org.springframework.http.HttpStatus;
-import org.springframework.security.access.AccessDeniedException;
-import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
-import org.springframework.web.bind.annotation.ExceptionHandler;
-import org.springframework.web.bind.annotation.ResponseStatus;
-
-import de.thm.arsnova.exceptions.BadRequestException;
-import de.thm.arsnova.exceptions.ForbiddenException;
-import de.thm.arsnova.exceptions.NoContentException;
-import de.thm.arsnova.exceptions.NotFoundException;
-import de.thm.arsnova.exceptions.NotImplementedException;
-import de.thm.arsnova.exceptions.PreconditionFailedException;
-import de.thm.arsnova.exceptions.UnauthorizedException;
-
 public class AbstractController {
 	protected static final String X_DEPRECATED_API = "X-Deprecated-API";
 	protected static final String X_FORWARDED = "X-Forwarded";
-
-	@ResponseStatus(HttpStatus.NOT_FOUND)
-	@ExceptionHandler(NotFoundException.class)
-	public void handleNotFoundException(final Exception e, final HttpServletRequest request) {
-	}
-
-	@ResponseStatus(HttpStatus.UNAUTHORIZED)
-	@ExceptionHandler(UnauthorizedException.class)
-	public void handleUnauthorizedException(final Exception e, final HttpServletRequest request) {
-	}
-
-	@ResponseStatus(HttpStatus.UNAUTHORIZED)
-	@ExceptionHandler(AuthenticationCredentialsNotFoundException.class)
-	public void handleAuthenticationCredentialsNotFoundException(final Exception e, final HttpServletRequest request) {
-	}
-
-	@ResponseStatus(HttpStatus.FORBIDDEN)
-	@ExceptionHandler(ForbiddenException.class)
-	public void handleForbiddenException(final Exception e, final HttpServletRequest request) {
-	}
-
-	@ResponseStatus(HttpStatus.FORBIDDEN)
-	@ExceptionHandler(AccessDeniedException.class)
-	public void handleAccessDeniedException(final Exception e, final HttpServletRequest request) {
-	}
-
-	@ResponseStatus(HttpStatus.NO_CONTENT)
-	@ExceptionHandler(NoContentException.class)
-	public void handleNoContentException(final Exception e, final HttpServletRequest request) {
-	}
-
-	@ResponseStatus(HttpStatus.BAD_REQUEST)
-	@ExceptionHandler(BadRequestException.class)
-	public void handleBadRequestException(final Exception e, final HttpServletRequest request) {
-	}
-
-	@ResponseStatus(HttpStatus.PRECONDITION_FAILED)
-	@ExceptionHandler(PreconditionFailedException.class)
-	public void handlePreconditionFailedException(final Exception e, final HttpServletRequest request) {
-	}
-
-	@ResponseStatus(HttpStatus.NOT_IMPLEMENTED)
-	@ExceptionHandler(NotImplementedException.class)
-	public void handleNotImplementedException(final Exception e, final HttpServletRequest request) {
-	}
 }
diff --git a/src/main/java/de/thm/arsnova/controller/SecurityExceptionControllerAdvice.java b/src/main/java/de/thm/arsnova/controller/SecurityExceptionControllerAdvice.java
new file mode 100644
index 0000000000000000000000000000000000000000..4ffc33b3e507f8f4897938e1539f80ced472f72a
--- /dev/null
+++ b/src/main/java/de/thm/arsnova/controller/SecurityExceptionControllerAdvice.java
@@ -0,0 +1,72 @@
+package de.thm.arsnova.controller;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
+import org.springframework.web.bind.annotation.ControllerAdvice;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.ResponseStatus;
+
+import de.thm.arsnova.exceptions.BadRequestException;
+import de.thm.arsnova.exceptions.ForbiddenException;
+import de.thm.arsnova.exceptions.NoContentException;
+import de.thm.arsnova.exceptions.NotFoundException;
+import de.thm.arsnova.exceptions.NotImplementedException;
+import de.thm.arsnova.exceptions.PreconditionFailedException;
+import de.thm.arsnova.exceptions.UnauthorizedException;
+
+@ControllerAdvice
+public class SecurityExceptionControllerAdvice {
+
+	@ResponseStatus(HttpStatus.NOT_FOUND)
+	@ExceptionHandler(NotFoundException.class)
+	public void handleNotFoundException(final Exception e, final HttpServletRequest request) {
+	}
+
+	@ResponseStatus(HttpStatus.UNAUTHORIZED)
+	@ExceptionHandler(UnauthorizedException.class)
+	public void handleUnauthorizedException(final Exception e, final HttpServletRequest request) {
+	}
+
+	@ResponseStatus(HttpStatus.UNAUTHORIZED)
+	@ExceptionHandler(AuthenticationCredentialsNotFoundException.class)
+	public void handleAuthenticationCredentialsNotFoundException(final Exception e, final HttpServletRequest request) {
+	}
+
+	@ResponseStatus(HttpStatus.UNAUTHORIZED)
+	@ExceptionHandler(AccessDeniedException.class)
+	public void handleAccessDeniedException(final Exception e, final HttpServletRequest request) {
+	}
+
+	@ResponseStatus(HttpStatus.FORBIDDEN)
+	@ExceptionHandler(ForbiddenException.class)
+	public void handleForbiddenException(final Exception e, final HttpServletRequest request) {
+	}
+
+	@ResponseStatus(HttpStatus.NO_CONTENT)
+	@ExceptionHandler(NoContentException.class)
+	public void handleNoContentException(final Exception e, final HttpServletRequest request) {
+	}
+
+	@ResponseStatus(HttpStatus.BAD_REQUEST)
+	@ExceptionHandler(BadRequestException.class)
+	public void handleBadRequestException(final Exception e, final HttpServletRequest request) {
+	}
+
+	@ResponseStatus(HttpStatus.PRECONDITION_FAILED)
+	@ExceptionHandler(PreconditionFailedException.class)
+	public void handlePreconditionFailedException(final Exception e, final HttpServletRequest request) {
+	}
+
+	@ResponseStatus(HttpStatus.NOT_IMPLEMENTED)
+	@ExceptionHandler(NotImplementedException.class)
+	public void handleNotImplementedException(final Exception e, final HttpServletRequest request) {
+	}
+
+	@ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR)
+	@ExceptionHandler(Exception.class)
+	public void handleAllOtherExceptions(final Exception e, final HttpServletRequest request) {
+	}
+}
diff --git a/src/test/java/de/thm/arsnova/controller/SessionControllerTest.java b/src/test/java/de/thm/arsnova/controller/SessionControllerTest.java
index 0f0bb8f08424b57f199ea371b4a1f0e6d10029a0..f8185c1a89d3d924dc6d71916ef59706eed26f91 100644
--- a/src/test/java/de/thm/arsnova/controller/SessionControllerTest.java
+++ b/src/test/java/de/thm/arsnova/controller/SessionControllerTest.java
@@ -144,4 +144,12 @@ public class SessionControllerTest {
 		.andExpect(status().isOk())
 		.andExpect(header().string(AbstractController.X_DEPRECATED_API, "1"));
 	}
+
+	@Test
+	public void testShouldEndInUnauthorizedResult() throws Exception {
+		setAuthenticated(false, "ptsr00");
+
+		mockMvc.perform(post("/session/12345678/online").accept(MediaType.APPLICATION_JSON))
+		.andExpect(status().isUnauthorized());
+	}
 }