diff --git a/app/controllers/user/sessions_controller.rb b/app/controllers/user/sessions_controller.rb
index bb72cb2c..8930deee 100644
--- a/app/controllers/user/sessions_controller.rb
+++ b/app/controllers/user/sessions_controller.rb
@@ -27,6 +27,11 @@ class User::SessionsController < Devise::SessionsController
   end
 
   def two_factor_entry
+    unless session.has_key? :user_sign_in_uid
+      redirect_to root_url
+      return
+    end
+
     self.resource = User.find(session[:user_sign_in_uid])
     render 'auth/two_factor_authentication'
   end
diff --git a/spec/controllers/user/sessions_controller_spec.rb b/spec/controllers/user/sessions_controller_spec.rb
new file mode 100644
index 00000000..fcca30a2
--- /dev/null
+++ b/spec/controllers/user/sessions_controller_spec.rb
@@ -0,0 +1,14 @@
+require 'rails_helper'
+
+describe User::SessionsController do
+  before do
+    @request.env["devise.mapping"] = Devise.mappings[:user]
+  end
+
+  describe "#two_factor_entry" do
+    subject { get :two_factor_entry }
+    it "redirects back to the home page if no sign in target is set" do
+      expect(subject).to redirect_to :root
+    end
+  end
+end
\ No newline at end of file