diff --git a/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java b/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
index ed44c5d281..0ffe7af97e 100644
--- a/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java
@@ -41,6 +41,7 @@ import org.openid4java.message.ax.FetchResponse;
 
 /**
  * @author Ray Krueger
+ * @author Rob Winch
  */
 public class OpenID4JavaConsumer implements OpenIDConsumer {
     private static final String DISCOVERY_INFO_KEY = DiscoveryInformation.class.getName();
@@ -114,6 +115,10 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
         // retrieve the previously stored discovery information
         DiscoveryInformation discovered = (DiscoveryInformation) request.getSession().getAttribute(DISCOVERY_INFO_KEY);
 
+        if (discovered == null) {
+            throw new OpenIDConsumerException("DiscoveryInformation is not available. Possible causes are lost session or replay attack");
+        }
+
         // extract the receiving URL from the HTTP request
         StringBuffer receivingURL = request.getRequestURL();
         String queryString = request.getQueryString();
diff --git a/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java b/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
new file mode 100644
index 0000000000..0159bb593d
--- /dev/null
+++ b/openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java
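Review bot: The new null check's message promises replay detection, but nothing in this hunk makes the stored DiscoveryInformation single-use: the attribute is read from the session and left there, so a second callback carrying the same OpenID response would pass this guard again unless the rest of `endConsumption` (which starts and ends outside the hunk) removes it. Consider invalidating it as soon as it is read, `request.getSession().removeAttribute(DISCOVERY_INFO_KEY);` directly after the `getAttribute` line, so a replayed callback actually fails here as the message claims. The surrounding `request.getSession()` also mints a new session merely to discover the attribute is absent; `HttpSession session = request.getSession(false);` followed by a null check on the session would avoid creating state for stray or forged callbacks. The exception text itself is fine — it names the condition without echoing any request data.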
@@ -0,0 +1,29 @@
+/*
+ * Copyright 2002-2012 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+package org.springframework.security.openid;
+
+import org.junit.Test;
+import org.springframework.mock.web.MockHttpServletRequest;
+
+/**
+ * @author Luke Taylor
+ * @author Rob Winch
+ */
+public class OpenID4JavaConsumerTests {
+
+    @Test(expected=OpenIDConsumerException.class)
+    public void missingDiscoveryInformationThrowsException() throws Exception {
+        OpenID4JavaConsumer consumer = new OpenID4JavaConsumer();
+        consumer.endConsumption(new MockHttpServletRequest());
+    }
+}
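Review bot: `@Test(expected=OpenIDConsumerException.class)` accepts an OpenIDConsumerException thrown from anywhere in `endConsumption`, so the test would still pass if the new null guard were removed and a later step (URL parsing, verification) failed with the same exception type on the empty mock request. Catching the exception explicitly and asserting on its message ties the test to the guard being added in this commit. The test also covers only the "never stored" path; if the stored DiscoveryInformation is meant to be consumed once, a second test that seeds the session attribute and calls `endConsumption` twice would pin that behaviour.
```java
    public void missingDiscoveryInformationThrowsException() throws Exception {
        OpenID4JavaConsumer consumer = new OpenID4JavaConsumer();
        try {
            consumer.endConsumption(new MockHttpServletRequest());
            fail("expected OpenIDConsumerException for missing DiscoveryInformation");
        } catch (OpenIDConsumerException expected) {
            assertTrue(expected.getMessage().startsWith("DiscoveryInformation is not available"));
        }
    }
```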