diff --git a/internal/session/auth.go b/internal/session/auth.go
index 49c5fd68..2554b178 100644
--- a/internal/session/auth.go
+++ b/internal/session/auth.go
@@ -22,6 +22,10 @@ func (manager *SessionManagerCtx) Authenticate(r *http.Request) (types.Session,
 		return nil, fmt.Errorf("invalid password provided")
 	}
 
+	if !session.CanLogin() {
+		return nil, fmt.Errorf("login disabled")
+	}
+
 	return session, nil
 }