diff --git a/ajax/sessionController.php b/ajax/sessionController.php
index 2d9820a5..69ff8067 100644
--- a/ajax/sessionController.php
+++ b/ajax/sessionController.php
@@ -23,6 +23,9 @@ class SessionController extends Controller{
 		try {
 			$token = Helper::getArrayValueByKey($args, 'token');
 			$file = File::getByShareToken($token);
+			if ($file->isPasswordProtected() && !$file->checkPassword('')){
+				throw new \Exception('Not authorized');
+			}
 			$session = Db\Session::start($uid, $file);
 			\OCP\JSON::success($session);
 		} catch (\Exception $e){
diff --git a/lib/file.php b/lib/file.php
index 16df11b5..24303102 100644
--- a/lib/file.php
+++ b/lib/file.php
@@ -95,7 +95,7 @@ class File {
 	public function isPasswordProtected(){
 		return $this->passwordProtected;
 	}
-	
+
 	public function checkPassword($password){
 		$shareId  = $this->getShareId();
 		if (!$this->isPasswordProtected()