diff --git a/backend/globaleaks/handlers/base.py b/backend/globaleaks/handlers/base.py
index 1061233e9f..c019a26918 100644
--- a/backend/globaleaks/handlers/base.py
+++ b/backend/globaleaks/handlers/base.py
@@ -341,7 +341,7 @@ def process_file_upload(self):
         file_id = self.request.args[b'flowIdentifier'][0].decode()
 
         if file_id not in self.state.TempUploadFiles:
-            if self.session.user_role == 'whistleblower':
+            if self.session and self.session.user_role == 'whistleblower':
                 State.RateLimitingTable.check(self.request.path + b'#' + self.session.user_id.encode(),
                                               State.tenants[1].cache.threshold_attachments_per_hour_per_report)
                 State.RateLimitingTable.check(self.request.path + b'#' + self.request.client_ip.encode(),