diff --git a/src/server/authsupport.js b/src/server/authsupport.js
index 27bf7da07..672aa75de 100644
--- a/src/server/authsupport.js
+++ b/src/server/authsupport.js
@@ -1,6 +1,10 @@
 'use strict';
 
 const stillValid = token => {
+    if (!token) {
+        return false;
+    }
+
     try {
         const claims = claimsFrom(token);
         const expirationTime = parseInt(claims['exp']);
diff --git a/tests/server/authsupport.test.js b/tests/server/authsupport.test.js
index 4080cc258..53aee8505 100644
--- a/tests/server/authsupport.test.js
+++ b/tests/server/authsupport.test.js
@@ -29,10 +29,14 @@ test('invalid token has expiry in the past', async () => {
     expect(authsupport.stillValid(token)).toEqual(false);
 });
 
-test('missing token does not validate', async () => {
+test('null token does not validate', async () => {
     expect(authsupport.stillValid(null)).toEqual(false);
 });
 
+test('undefined token does not validate', async () => {
+    expect(authsupport.stillValid(undefined)).toEqual(false);
+});
+
 test('malformed token does not validate', async () => {
     expect(authsupport.stillValid('bogustext')).toEqual(false);
 });