diff --git a/src/main/java/info/magnolia/cms/security/cas/CASModule.java b/src/main/java/info/magnolia/cms/security/cas/CASModule.java
index eb3235d..eb8539a 100644
--- a/src/main/java/info/magnolia/cms/security/cas/CASModule.java
+++ b/src/main/java/info/magnolia/cms/security/cas/CASModule.java
@@ -221,10 +221,6 @@ public class CASModule implements ModuleLifecycle, EnterpriseLicensedModule {
     }
 
     public void printLoginError(HttpServletRequest request, HttpServletResponse response, String message) {
-        // log them out so they can refresh after someone fixes their permissions
-        if (request.getSession(false) != null) {
-            request.getSession().invalidate();
-        }
         try {
             response.getWriter().write(message);
         } catch (Exception e) {
@@ -236,6 +232,10 @@ public class CASModule implements ModuleLifecycle, EnterpriseLicensedModule {
         printLoginError(request, response, getCasUnauthorizedMessage());
     }
     public void printUnrecognizedError(HttpServletRequest request, HttpServletResponse response) {
+        // log them out so they can refresh after someone fixes their permissions
+        if (request.getSession(false) != null) {
+            request.getSession().invalidate();
+        }
         printLoginError(request, response, getCasUnrecognizedUserMessage());
     }
 }