diff --git a/src/main/java/de/thm/arsnova/controller/SessionController.java b/src/main/java/de/thm/arsnova/controller/SessionController.java
index a6b57586451060bf289e62ed3a39460bb044ee86..4654a06da266c55cb0a2bf52726e83b3d7bfe0aa 100644
--- a/src/main/java/de/thm/arsnova/controller/SessionController.java
+++ b/src/main/java/de/thm/arsnova/controller/SessionController.java
@@ -138,12 +138,6 @@ public class SessionController extends AbstractController {
 		User user = userService.getCurrentUser();
 		List<Session> sessions = null;
 
-		/* TODO Could @Authorized annotation be used instead of this check? */
-		if (null == user) {
-			response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
-			return null;
-		}
-
 		/* TODO implement all parameter combinations, implement use of user parameter */
 		if (ownedOnly && !visitedOnly) {
 			sessions = sessionService.getMySessions(user);
diff --git a/src/test/java/de/thm/arsnova/controller/SessionControllerTest.java b/src/test/java/de/thm/arsnova/controller/SessionControllerTest.java
index 0fdd78d521dcb5a1dbc7afc1026574e7cc5feec9..3512a8999532a7aa693d9fe1167d7aa64d3c9606 100644
--- a/src/test/java/de/thm/arsnova/controller/SessionControllerTest.java
+++ b/src/test/java/de/thm/arsnova/controller/SessionControllerTest.java
@@ -85,4 +85,28 @@ public class SessionControllerTest {
 		mockMvc.perform(post("/session/").contentType(MediaType.APPLICATION_JSON).content("{\"keyword\":12345678}"))
 		.andExpect(status().isUnauthorized());
 	}
+
+	@Test
+	public void testShouldNotReturnMySessionsIfUnauthorized() throws Exception {
+		setAuthenticated(false);
+
+		mockMvc.perform(get("/session/").param("ownedonly", "true"))
+		.andExpect(status().isUnauthorized());
+	}
+
+	@Test
+	public void testShouldNotReturnMyVisitedSessionsIfUnauthorized() throws Exception {
+		setAuthenticated(false);
+
+		mockMvc.perform(get("/session/").param("visitedonly", "true"))
+		.andExpect(status().isUnauthorized());
+	}
+
+	@Test
+	public void testShouldShowUnimplementedIfNoFlagIsSet() throws Exception {
+		setAuthenticated(false);
+
+		mockMvc.perform(get("/session/"))
+		.andExpect(status().isNotImplemented());
+	}
 }