diff --git a/src/main/java/de/thm/arsnova/controller/SessionController.java b/src/main/java/de/thm/arsnova/controller/SessionController.java
index 1db2a8e3cb148d13745ed734e9ba6c37c37a694e..f846b836409cd9038fa4b5453050f089f53d6cf8 100644
--- a/src/main/java/de/thm/arsnova/controller/SessionController.java
+++ b/src/main/java/de/thm/arsnova/controller/SessionController.java
@@ -173,31 +173,33 @@ public class SessionController extends PaginationController {
 			) {
 		List<Session> sessions = null;
 
-		if (username.equals("")) try {
-			if (ownedOnly && !visitedOnly) {
-				sessions = sessionService.getUserSessions(username);
-			} else if (visitedOnly && !ownedOnly) {
-				sessions = sessionService.getUserVisitedSessions(username);
-			} else {
-				response.setStatus(HttpStatus.NOT_IMPLEMENTED.value());
-				return null;
+		if (!username.equals("")) {
+			try {
+				if (ownedOnly && !visitedOnly) {
+					sessions = sessionService.getUserSessions(username);
+				} else if (visitedOnly && !ownedOnly) {
+					sessions = sessionService.getUserVisitedSessions(username);
+				} else {
+					response.setStatus(HttpStatus.NOT_IMPLEMENTED.value());
+					return null;
+				}
+			} catch (final AccessDeniedException e) {
+				throw new UnauthorizedException();
 			}
-		} catch (final AccessDeniedException e) {
-			throw new UnauthorizedException();
-		}
-
-		/* TODO implement all parameter combinations, implement use of user parameter */
-		try {
-			if (ownedOnly && !visitedOnly) {
-				sessions = sessionService.getMySessions(offset, limit);
-			} else if (visitedOnly && !ownedOnly) {
-				sessions = sessionService.getMyVisitedSessions(offset, limit);
-			} else {
-				response.setStatus(HttpStatus.NOT_IMPLEMENTED.value());
-				return null;
+		} else {
+			/* TODO implement all parameter combinations, implement use of user parameter */
+			try {
+				if (ownedOnly && !visitedOnly) {
+					sessions = sessionService.getMySessions(offset, limit);
+				} else if (visitedOnly && !ownedOnly) {
+					sessions = sessionService.getMyVisitedSessions(offset, limit);
+				} else {
+					response.setStatus(HttpStatus.NOT_IMPLEMENTED.value());
+					return null;
+				}
+			} catch (final AccessDeniedException e) {
+				throw new UnauthorizedException();
 			}
-		} catch (final AccessDeniedException e) {
-			throw new UnauthorizedException();
 		}
 
 		if (sessions == null || sessions.isEmpty()) {
diff --git a/src/main/java/de/thm/arsnova/services/SessionService.java b/src/main/java/de/thm/arsnova/services/SessionService.java
index 2e44e2aa154bf29b5f935e20fbedcaa4eb0bf6d2..8894b82cc457c0178f2cd2506184f001adfd0cbf 100644
--- a/src/main/java/de/thm/arsnova/services/SessionService.java
+++ b/src/main/java/de/thm/arsnova/services/SessionService.java
@@ -233,7 +233,7 @@ public class SessionService implements ISessionService, ApplicationEventPublishe
 	}
 
 	@Override
-	@PreAuthorize("isAuthenticated() and hasPermission(#sessionkey, 'session', 'owner')")
+	@PreAuthorize("isAuthenticated() and hasPermission(1, 'motd', 'admin')")
 	public List<Session> getUserVisitedSessions(String username) {
 		return databaseDao.getVisitedSessionsForUsername(username, 0, 0);
 	}