diff --git a/main_test.go b/main_test.go
index c94c4ef..9ad55ed 100644
--- a/main_test.go
+++ b/main_test.go
@@ -348,6 +348,32 @@ func TestIntegrationAuth(t *testing.T) {
 assert.NotNil(t, newSession)
 assert.NotEqual(t, "", newSession.Value)
 })
+ t.Run("should not have access to user information with outdated session", func(t *testing.T) {
+ t.Parallel()
+
+ d, basePath, ctx := setupIntegrationTest(t)
+
+ userId := uuid.New()
+ sessionId := "session-id"
+
+ _, err := d.Exec(`
+ INSERT INTO user (user_id, email, email_verified, is_admin, password, salt, created_at)
+ VALUES (?, "mail@mail.de", FALSE, FALSE, ?, ?, datetime())`, userId, []byte("pass"), []byte("salt"))
+ assert.Nil(t, err)
+ _, err = d.Exec(`
+ INSERT INTO session (session_id, user_id, created_at, expires_at)
+ VALUES (?, ?, datetime("now", "-8 hour"), datetime("now", "-1 minute"))`, sessionId, userId)
+ assert.Nil(t, err)
+
+ req, err := http.NewRequestWithContext(ctx, "GET", basePath+"/workout", nil)
+ assert.Nil(t, err)
+ req.Header.Set("Cookie", "id="+sessionId)
+ resp, err := httpClient.Do(req)
+ assert.Nil(t, err)
+
+ assert.Equal(t, http.StatusSeeOther, resp.StatusCode)
+ assert.Equal(t, "/auth/signin", resp.Header.Get("Location"))
+ })
 })
}
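Review bot: The response returned by `httpClient.Do(req)` in the new subtest is never closed, so the connection is leaked; add `defer resp.Body.Close()` directly after the nil check on `err`. That check is `assert.Nil`, which does not stop the subtest, so a failed request leaves `resp` nil and the following `resp.StatusCode` line panics instead of reporting a clean failure — use `t.Fatalf("request: %v", err)` (or `require.Nil` if the file already imports it) after `Do`. The subtest pins only the redirect; if the handler is also expected to clear the stale cookie or drop the expired row, an assertion on the `Set-Cookie` header or a `SELECT` on `session` would document that contract (the handler is not visible from this hunk, so this is an open question rather than a defect). The locals `userId`/`sessionId` would be `userID`/`sessionID` under Go's initialism convention. The enclosing `TestIntegrationAuth` begins outside the hunk.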