diff --git a/hmdooris/__main__.py b/hmdooris/__main__.py
index ad50400..4346a76 100644
--- a/hmdooris/__main__.py
+++ b/hmdooris/__main__.py
@@ -93,7 +93,9 @@ def post_api_lock(id):
 @jinja2_view("not_authorized.html.j2")
 def not_authorized(error):
     code, msg = error.args
-    groups = request.session[auth.sess_attr]['groups'] if 'groups' in request.session[auth.sess_attr] else []
+    groups = []
+    if auth.sess_attr in request.session and 'groups' in request.session[auth.sess_attr]:
+        groups = request.session[auth.sess_attr]['groups']
     return {
         'user': auth.my_username,
         'ip': request.remote_addr,