diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
index 85babb76e35..55b2dc8c0f6 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
@@ -257,7 +257,21 @@ public class FormAuthenticator extends LoginAuthenticator
 if (isLoginOrErrorPage(URIUtil.addPaths(request.getServletPath(),request.getPathInfo())) &&!DeferredAuthentication.isDeferred(response))
 return new DeferredAuthentication(this);
- HttpSession session = request.getSession(true);
+ HttpSession session = null;
+ try
+ {
+ session = request.getSession(true);
+ }
+ catch (Exception e)
+ {
+ if (LOG.isDebugEnabled())
+ LOG.debug(e);
+ }
+
+ //if unable to create a session, user must be
+ //unauthenticated
+ if (session == null)
+ return Authentication.UNAUTHENTICATED;
 try
 {
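Review bot: The new `catch (Exception e)` around `request.getSession(true)` swallows every failure and records it only at debug level, so a problem in session creation (a failing session store, for example) would show up in production as form logins quietly failing with nothing in the logs. Because this is the authentication path, log it where operators will see it, e.g. `LOG.warn("Unable to create session for form authentication", e);`, and narrow the catch to the exception types session creation is actually expected to throw. Returning `Authentication.UNAUTHENTICATED` fails closed only if the caller rejects that value when authentication is mandatory; the hunk does not show this, and the enclosing method starts and ends outside it, so confirm that and say so in the comment above the `if (session == null)` check.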