Index: lams_central/src/java/org/lamsfoundation/lams/web/LoginRequestServlet.java
===================================================================
diff -u -rc6867c1780952042c1c587da64b3002b60b31c85 -r8d67a5f1ec557dbb647a229cc9a5e2b0e1057e80
--- lams_central/src/java/org/lamsfoundation/lams/web/LoginRequestServlet.java	(.../LoginRequestServlet.java)	(revision c6867c1780952042c1c587da64b3002b60b31c85)
+++ lams_central/src/java/org/lamsfoundation/lams/web/LoginRequestServlet.java	(.../LoginRequestServlet.java)	(revision 8d67a5f1ec557dbb647a229cc9a5e2b0e1057e80)
@@ -134,7 +134,12 @@
 	    //in case of request for learner with strict authentication check cache should also contain lsid
 	    if (LoginRequestDispatcher.METHOD_LEARNER_STRICT_AUTHENTICATION.equals(method)) {
 		String lsId = request.getParameter(LoginRequestDispatcher.PARAM_LESSON_ID);
+		if (lsId == null) {
+		    response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Login Failed - lsId parameter missing");
+		    return;
+		}
 		Authenticator.authenticate(serverMap, timestamp, extUsername, method, lsId, hash);
+		
 	    } else {
 		Authenticator.authenticate(serverMap, timestamp, extUsername, method, hash);
 	    }