diff --git a/src/pyload/core/api/__init__.py b/src/pyload/core/api/__init__.py
index 280dcbcbe7..6b0ef87cde 100644
--- a/src/pyload/core/api/__init__.py
+++ b/src/pyload/core/api/__init__.py
@@ -1117,7 +1117,7 @@ def set_captcha_result(self, tid, result):
     @permission(Perms.STATUS)
     def get_events(self, uuid):
         """
-        Lists occured events, may be affected to changes in future.
+        Lists occurred events, may be affected to changes in the future.
 
         :param uuid:
         :return: list of `Events`
@@ -1230,6 +1230,15 @@ def check_auth(self, username, password):
         """
         return self.pyload.db.check_auth(username, password)
 
+    def user_exists(self, username):
+        """
+        Check if a user actually exists in the database.
+
+        :param username:
+        :return: boolean
+        """
+        return self.pyload.db.user_exists(username)
+
     @legacy("isAuthorized")
     def is_authorized(self, func, userdata):
         """
diff --git a/src/pyload/core/database/user_database.py b/src/pyload/core/database/user_database.py
index 628da74711..607fa8373f 100644
--- a/src/pyload/core/database/user_database.py
+++ b/src/pyload/core/database/user_database.py
@@ -92,6 +92,11 @@ def set_permission(self, user, perms):
     def set_role(self, user, role):
         self.c.execute("UPDATE users SET role=? WHERE name=?", (role, user))
 
+    @style.queue
+    def user_exists(self, user):
+        self.c.execute("SELECT name FROM users WHERE name=?", (user,))
+        return self.c.fetchone() is not None
+
     @style.queue
     def list_users(self):
         self.c.execute("SELECT name FROM users")
diff --git a/src/pyload/webui/app/helpers.py b/src/pyload/webui/app/helpers.py
index 9f1e9c0703..6cdaf46ea4 100644
--- a/src/pyload/webui/app/helpers.py
+++ b/src/pyload/webui/app/helpers.py
@@ -164,9 +164,11 @@ def wrapper(*args, **kwargs):
 
 
 def is_authenticated(session=flask.session):
-    return session.get("name") and session.get(
-        "authenticated"
-    )  # NOTE: why checks name?
+    api = flask.current_app.config["PYLOAD_API"]
+    user = session.get("name")
+    authenticated = session.get("authenticated")
+
+    return authenticated and api.user_exists(user)
 
 
 def login_required(perm):