diff --git a/src/session.rs b/src/session.rs
index 87700fa2c0068ed34ab022a28dda7f045dc57cd0..d4029a85bfb0f3de29a70b684f74b29f332376d5 100644
--- a/src/session.rs
+++ b/src/session.rs
@@ -59,7 +59,10 @@ impl<'a> FromRequest<'a> for Session {
 		unsafe {
 			if !SESSIONS.contains_key(&token) {
 				println!("Invalid Token: {:?},", token);
-				Outcome::Error((Status::Unauthorized, "Invalid Token"))
+				//remove the invalid token
+				req.cookies().remove_private("session-token");
+				// We forward so there can be not-logged in paths
+				return Outcome::Forward(Status::Unauthorized);
 			} else {
 				Outcome::Success(Session { token })
 			}