diff --git a/app/controller/perso.php b/app/controller/perso.php
index cf8c5dd0411a32d0dbdb8cc48d3c5d9ebcb2cfc9..5bc3e9085e8039682b8b3224007c9df61227b381 100644
--- a/app/controller/perso.php
+++ b/app/controller/perso.php
@@ -490,8 +490,11 @@ class Perso extends Controller
 
     public function cancel($f3, $params)
     {
+        if (!$f3->exists('SESSION.user')) {
+            $f3->reroute('/login');
+        }
         $db = $f3->get('DB');
-        $result = $db->query("SELECT identifier, user_id from identifiers where identifier like '".$params['id']."'");
+        $result = $db->query("SELECT identifier, user_id from identifiers where identifier like '".$params['id']."' and user_id='".\Utils::asl($f3->get('SESSION.id'))."'");
         $result = $result->fetch(\PDO::FETCH_ASSOC);
         if ($result) {
             $identifier = $result['identifier'];
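Review bot: The new query still concatenates `$params['id']` into the SQL string unescaped, so a crafted route parameter can alter the statement and defeat the `user_id` ownership filter this commit adds. Only the session value goes through `\Utils::asl` (presumably an escaping helper), and the session value is the less attacker-controlled of the two. Since `$db` appears to be a PDO handle, bind both values instead: `$stmt = $db->prepare('SELECT identifier, user_id FROM identifiers WHERE identifier = ? AND user_id = ?');`, then `$stmt->execute([$params['id'], $f3->get('SESSION.id')]);` and `$result = $stmt->fetch(\PDO::FETCH_ASSOC);`. Using `=` rather than `like` also stops `%` and `_` in the id from matching other identifiers; confirm no caller relies on pattern matching. The guard tests `SESSION.user` while the query reads `SESSION.id`, so it is worth checking that both are always set together; the body of `cancel()` continues outside the hunk.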