NPE when previous session + passive auth is used