Index: lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java
===================================================================
diff -u -rfd43a187f3eba4f64c02caf4ba1fcd86c3255883 -r64e2a1ce9e655e57385d39551f6344df87dd4cd4
--- lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java	(.../UniversalLoginModule.java)	(revision fd43a187f3eba4f64c02caf4ba1fcd86c3255883)
+++ lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java	(.../UniversalLoginModule.java)	(revision 64e2a1ce9e655e57385d39551f6344df87dd4cd4)
@@ -273,13 +273,17 @@
 	    UniversalLoginModule.themeService = (IThemeService) ctx.getBean("themeService");
 	}
 
-	// allow sysadmin to login as another user; in this case, the LAMS shared session will be present,
-	// allowing the following check to work
-	if (UniversalLoginModule.userManagementService.isUserSysAdmin()) {
-	    if (UniversalLoginModule.log.isDebugEnabled()) {
-		UniversalLoginModule.log.debug("Authenticated sysadmin");
+	// there is no session if the request did not go through SsoHandler
+	// it happens on session failover
+	if (SessionManager.getSession() != null) {
+	    // allow sysadmin to login as another user; in this case, the LAMS shared session will be present,
+	    // allowing the following check to work
+	    if (UniversalLoginModule.userManagementService.isUserSysAdmin()) {
+		if (UniversalLoginModule.log.isDebugEnabled()) {
+		    UniversalLoginModule.log.debug("Authenticated sysadmin");
+		}
+		return true;
 	    }
-	    return true;
 	}
 
 	String userName = getUserName();