diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8e2a308644..c9fb51d9eb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,5 @@
 - Tasks: fix several bugs in ICS import
+- OAuth2 client: return more informative exception if a session variable is missing.
 12-12-2024: 6.8.90
 - Core: Show database error on upgrade
diff --git a/www/go/modules/community/oauth2client/controller/Oauth2Client.php b/www/go/modules/community/oauth2client/controller/Oauth2Client.php
index 0d6096c2aa..f22f722413 100644
--- a/www/go/modules/community/oauth2client/controller/Oauth2Client.php
+++ b/www/go/modules/community/oauth2client/controller/Oauth2Client.php
@@ -62,9 +62,9 @@ public function callback()
 if (!empty($_GET['error'])) {
 throw new Exception(500, 'Got error: ' . htmlspecialchars($_GET['error'], ENT_QUOTES));
 }
-// if (!isset($_SESSION['accountId'])) {
-// throw new Exception(500, 'Invalid parameter');
-// }
+ if (!isset($_SESSION['accountId']) || !isset($_SESSION['oauth2state'])) {
+ throw new Exception(500, 'A session variable is missing. Please retry with a new session.');
+ }
 if (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {