diff --git a/inc/inc.ClassAuthenticationMiddleware.php b/inc/inc.ClassAuthenticationMiddleware.php
index 63cf98914..bd9b1c40d 100644
--- a/inc/inc.ClassAuthenticationMiddleware.php
+++ b/inc/inc.ClassAuthenticationMiddleware.php
@@ -35,8 +35,11 @@ class SeedDMS_Auth_Middleware_Session { /* {{{ */
 
 	private $container;
 
-	public function __construct($container) {
+	private $responsefactory;
+
+	public function __construct($container, $responsefactory) {
 		$this->container = $container;
+		$this->responsefactory = $responsefactory;
 	}
 
 	/**
@@ -73,6 +76,7 @@ class SeedDMS_Auth_Middleware_Session { /* {{{ */
 				/* Delete Cookie */
 				setcookie("mydms_session", $dms_session, time() - 3600, $settings->_httpRoot);
 				$logger->log("Session for id '" . $dms_session . "' has gone", PEAR_LOG_ERR);
+				$response = $this->responsefactory->createResponse();
 				return $response->withStatus(403);
 			}
 
@@ -83,6 +87,7 @@ class SeedDMS_Auth_Middleware_Session { /* {{{ */
 				setcookie("mydms_session", $dms_session, time() - 3600, $settings->_httpRoot);
 				if ($settings->_enableGuestLogin) {
 					if (!($userobj = $dms->getUser($settings->_guestID))) {
+						$response = $this->responsefactory->createResponse();
 						return $response->withStatus(403);
 					}
 				} else {
@@ -92,12 +97,14 @@ class SeedDMS_Auth_Middleware_Session { /* {{{ */
 			if ($userobj->isAdmin()) {
 				if ($resArr["su"]) {
 					if (!($userobj = $dms->getUser($resArr["su"]))) {
+						$response = $this->responsefactory->createResponse();
 						return $response->withStatus(403);
 					}
 				}
 			}
 			$dms->setUser($userobj);
 		} else {
+			$response = $this->responsefactory->createResponse();
 			return $response->withStatus(403);
 		}
 		$this->container->set('userobj', $userobj);