1 files changed, 6 insertions, 5 deletions

diff --git a/src/main/java/org/traccar/api/resource/SessionResource.java b/src/main/java/org/traccar/api/resource/SessionResource.java
index dc517277e..2f357a309 100644
--- a/src/main/java/org/traccar/api/resource/SessionResource.java
+++ b/src/main/java/org/traccar/api/resource/SessionResource.java
@@ -79,8 +79,8 @@ public class SessionResource extends BaseResource {
 
         if (token != null) {
             LoginResult loginResult = loginService.login(token);
-            User user = loginResult.getUser();
-            if (user != null) {
+            if (loginResult != null) {
+                User user = loginResult.getUser();
                 request.getSession().setAttribute(USER_ID_KEY, user.getId());
                 request.getSession().setAttribute(EXPIRATION_KEY, loginResult.getExpiration());
                 LogAction.login(user.getId(), WebHelper.retrieveRemoteAddress(request));
@@ -116,9 +116,9 @@ public class SessionResource extends BaseResource {
             @FormParam("email") String email,
             @FormParam("password") String password,
             @FormParam("code") Integer code) throws StorageException {
-        User user;
+        LoginResult loginResult;
         try {
-            user = loginService.login(email, password, code).getUser();
+            loginResult = loginService.login(email, password, code);
         } catch (CodeRequiredException e) {
             Response response = Response
                     .status(Response.Status.UNAUTHORIZED)
@@ -126,7 +126,8 @@ public class SessionResource extends BaseResource {
                     .build();
             throw new WebApplicationException(response);
         }
-        if (user != null) {
+        if (loginResult != null) {
+            User user = new User();
             request.getSession().setAttribute(USER_ID_KEY, user.getId());
             LogAction.login(user.getId(), WebHelper.retrieveRemoteAddress(request));
             return user;