diff --git a/cache/.gitkeep b/cache/.gitkeep
old mode 100644
new mode 100755
diff --git a/lib/Alchemy/Phrasea/Controller/Root/SessionController.php b/lib/Alchemy/Phrasea/Controller/Root/SessionController.php
index 38a9e33535..72e621e364 100644
--- a/lib/Alchemy/Phrasea/Controller/Root/SessionController.php
+++ b/lib/Alchemy/Phrasea/Controller/Root/SessionController.php
@@ -47,22 +47,12 @@ class SessionController extends Controller
         ];
 
         $authenticator = $this->getAuthenticator();
-        // every request is catched by SessionManagerSubscriber, which handles disconnect
-        // so this code is probably useless
-        /*
-        if ($authenticator->isAuthenticated()) {
-            $usr_id = $authenticator->getUser()->getId();
-            if ($usr_id != $request->request->get('usr')) { // I logged with another user
-                $ret['status'] = 'disconnected';
 
-                return $this->app->json($ret);
-            }
-        } else {
+        if (!$authenticator->isAuthenticated()) {
             $ret['status'] = 'disconnected';
 
             return $this->app->json($ret);
         }
-        */
 
         try {
             $this->getApplicationBox()->get_connection();
diff --git a/lib/Alchemy/Phrasea/Core/Event/Subscriber/SessionManagerSubscriber.php b/lib/Alchemy/Phrasea/Core/Event/Subscriber/SessionManagerSubscriber.php
index 89990330e5..e14eaa1afe 100644
--- a/lib/Alchemy/Phrasea/Core/Event/Subscriber/SessionManagerSubscriber.php
+++ b/lib/Alchemy/Phrasea/Core/Event/Subscriber/SessionManagerSubscriber.php
@@ -70,8 +70,12 @@ class SessionManagerSubscriber implements EventSubscriberInterface
             return;
         }
 
+        $moduleIName= $this->getModuleName($request->getPathInfo());
         $moduleId = $this->getModuleId($request->getPathInfo());
 
+        if(is_null($moduleId) && $moduleIName !== "login") {
+            return;
+        }
         // if we are already disconnected (ex. from another window), quit immediately
         //
         if (!($this->app->getAuthenticator()->isAuthenticated())) {
diff --git a/lib/classes/eventsmanager/broker.php b/lib/classes/eventsmanager/broker.php
index d8b7c19819..fe0747dadc 100644
--- a/lib/classes/eventsmanager/broker.php
+++ b/lib/classes/eventsmanager/broker.php
@@ -211,6 +211,10 @@ class eventsmanager_broker
 
     public function get_notifications(int $offset=0, int $limit=10, $readFilter = self::READ | self::UNREAD, \Alchemy\Phrasea\Utilities\Stopwatch $stopwatch = null)
     {
+        if(!$this->app->getAuthenticatedUser()) {
+            return;
+        }
+
         if($stopwatch) $stopwatch->lap("broker start");
 
         // !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
diff --git a/tests/Alchemy/Tests/Phrasea/ApplicationTest.php b/tests/Alchemy/Tests/Phrasea/ApplicationTest.php
index 0c45d2c2c4..29be7cdf62 100644
--- a/tests/Alchemy/Tests/Phrasea/ApplicationTest.php
+++ b/tests/Alchemy/Tests/Phrasea/ApplicationTest.php
@@ -6,17 +6,17 @@ use Alchemy\Phrasea\Application;
 use Alchemy\Phrasea\Core\Configuration\Configuration;
 use Alchemy\Phrasea\Core\Configuration\HostConfiguration;
 use Alchemy\Phrasea\Core\Configuration\PropertyAccess;
+use Symfony\Component\BrowserKit\Cookie as BrowserCookie;
+use Symfony\Component\BrowserKit\CookieJar;
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Symfony\Component\HttpFoundation\Cookie;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
-use Symfony\Component\HttpFoundation\Cookie;
 use Symfony\Component\HttpFoundation\ResponseHeaderBag;
 use Symfony\Component\HttpKernel\Client;
-use Symfony\Component\BrowserKit\CookieJar;
-use Symfony\Component\BrowserKit\Cookie as BrowserCookie;
-use Symfony\Component\Routing\Generator\UrlGenerator;
-use Symfony\Component\EventDispatcher\EventSubscriberInterface;
-use Symfony\Component\HttpKernel\KernelEvents;
 use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
+use Symfony\Component\HttpKernel\KernelEvents;
+use Symfony\Component\Routing\Generator\UrlGenerator;
 
 /**
  * @group functional
@@ -143,24 +143,6 @@ class ApplicationTest extends \PhraseanetTestCase
         $this->assertEquals('en_USA', $client->getResponse()->getContent());
     }
 
-    /**
-     * @covers Alchemy\Phrasea\Application
-     */
-    public function testFlashSession()
-    {
-        $app = new Application(Application::ENV_TEST);
-        $sessionId = null;
-        $app->post('/prod/upload/', function (Application $app) use (&$sessionId) {
-            $sessionId = $app['session']->getId();
-            return "";
-        });
-
-        $client = new Client($app);
-
-        $client->request('POST', '/prod/upload/', ['php_session_id'=>'123456'], [], ['HTTP_USER_AGENT'=>'flash']);
-        $this->assertEquals('123456', $sessionId);
-    }
-
     public function testGeneratePath()
     {
         $generator = $this->getMockBuilder('Symfony\Component\Routing\Generator\UrlGenerator')