diff --git a/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/DefaultPrivilegeHandler.java b/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/DefaultPrivilegeHandler.java
index 56f29ba29..b52e85db5 100644
--- a/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/DefaultPrivilegeHandler.java
+++ b/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/DefaultPrivilegeHandler.java
@@ -579,6 +579,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
 prvCtx.validateAction(new SimpleRestrictable(PRIVILEGE_REMOVE_USER, new Tuple(null, existingUser)));
 // delegate user removal to persistence handler
+ invalidSessionsFor(existingUser);
 this.persistenceHandler.removeUser(username);
 logger.info("Removed user " + username);
@@ -1070,6 +1071,19 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
 }
 }
+ private void invalidSessionsFor(User user) {
+ List ctxs;
+ synchronized (this.privilegeContextMap) {
+ ctxs = new ArrayList<>(this.privilegeContextMap.values());
+ }
+
+ for (PrivilegeContext ctx : ctxs) {
+ if (ctx.getUserRep().getUsername().equals(user.getUsername())) {
+ invalidate(ctx.getCertificate());
+ }
+ }
+ }
+
 @Override
 public void initiateChallengeFor(Usage usage, String username) {
 initiateChallengeFor(usage, username, SOURCE_UNKNOWN);
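Review bot: Invalidating the sessions before `this.persistenceHandler.removeUser(username)` leaves a window in which the account still exists and can authenticate again, and a session created in that window survives the removal because `invalidSessionsFor` (second hunk) only walks a snapshot of `privilegeContextMap`. Unless a lock outside this hunk already excludes concurrent authentication, remove the account first and invalidate afterwards: `this.persistenceHandler.removeUser(username);` followed by `invalidSessionsFor(existingUser);`. The current order also means that a failure in `removeUser` leaves the user in place with all sessions already dropped. The enclosing method starts and ends outside the hunk, so any surrounding synchronisation is not visible here.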
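Review bot: The new helper `invalidSessionsFor` has no Javadoc and leaves no audit trace of how many sessions it ended, which is the first thing an operator will ask after a user removal. I would add a short Javadoc saying that it invalidates every `PrivilegeContext` whose username equals the given user's, working on a copy of `privilegeContextMap` taken under its lock, so contexts registered after the copy are not covered. I would also count the matches and log them, e.g. `logger.info("Invalidated " + count + " session(s) of user " + user.getUsername());`. The name reads as an adjective; `invalidateSessionsFor` would match the `invalidate(...)` call it wraps.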