diff --git a/base.php b/base.php
index bfa1c30..b33f77a 100644
--- a/base.php
+++ b/base.php
@@ -20,6 +20,20 @@ if (isset($_SERVER['REQUEST_URI'])) {
 	unset($sessions);
 }
 
+function __session_delete($user) {
+	if (!file_exists('/tmp/apcontrol-sessions'))
+		return false;
+	$newsessions = [];
+	$sessions = explode("\n", trim(file_get_contents('/tmp/apcontrol-sessions')));
+	foreach ($sessions as $session) {
+		$ps = explode('.', $session);
+		if ($ps[0] !== $user)
+			$newsessions []= $session;
+	}
+	file_put_contents('/tmp/apcontrol-sessions', implode("\n", $newsessions));
+	return true;
+}
+
 if (!file_exists($GLOBALS['appconf']['data_dir']))
 	mkdir($GLOBALS['appconf']['data_dir']);
 
diff --git a/cli.php b/cli.php
index be5139c..3624c98 100644
--- a/cli.php
+++ b/cli.php
@@ -23,6 +23,7 @@ function cli__users($args) {
 		case 'add':
 			$args = array_slice($args, 1);
 			if (count($args) !== 2) $help();
+			__session_delete($args[0]);
 			$args[1] = hash_hmac('sha256', $args[1], $GLOBALS['appconf']['users_hash_secret']);
 			$users[$args[0]] = $args[1];
 			$msg = 'User "'.$args[0].'" has been succesfully saved.';
@@ -36,6 +37,7 @@ function cli__users($args) {
 				$msg = 'User "'.$args[0].'" does not exist.';
 			else {
 				unset($users[$args[0]]);
+				__session_delete($args[0]);
 				$msg = 'User "'.$args[0].'" has been succesfully deleted.';
 			}
 			break;
diff --git a/js/base.php b/js/base.php
index 9feeaff..dfc6855 100644
--- a/js/base.php
+++ b/js/base.php
@@ -248,6 +248,11 @@ const http = {
 				if (hit !== null) hit.remove();
 			}
 			if (callbk) {
+				if (this.status === 403) {
+					toast.error('Unautorized: session might have been closed');
+					setTimeout(function(){ window.location.href = '/' }, 4000);
+					return false;
+				}
 				const ps = _get_func_params(callbk);
 				if (ps.includes('data') || ps.includes('text') ||
 					ps.includes('html') || ps.includes('plain'))