diff --git a/openbis/source/java/ch/ethz/sis/openbis/generic/server/SingleSignOnServlet.java b/openbis/source/java/ch/ethz/sis/openbis/generic/server/SingleSignOnServlet.java
index 92d921689a1817ad4420d3900640c139cdf975f0..a2ec8176f5403ac11ff0f02a23af4222be325b56 100644
--- a/openbis/source/java/ch/ethz/sis/openbis/generic/server/SingleSignOnServlet.java
+++ b/openbis/source/java/ch/ethz/sis/openbis/generic/server/SingleSignOnServlet.java
@@ -51,6 +51,8 @@ import ch.systemsx.cisd.openbis.generic.shared.dto.Session;
 @Controller
 public class SingleSignOnServlet extends AbstractServlet
 {
+    private static final String OPENBIS_COOKIE = "openbis";
+
     public static final String SERVLET_NAME = "ssos";
 
     public static final String SESSION_ID_KEY = "session-id-key";
@@ -111,17 +113,20 @@ public class SingleSignOnServlet extends AbstractServlet
         operationLog.info("handle sso event");
         removeStaleSessions();
         String sessionId = getHeader(request, SESSION_ID_KEY, DEFAULT_SESSION_ID_KEY);
-        String sessionToken = sessionTokenBySessionId.get(sessionId);
-        String returnURL = request.getParameter("return");
-        if (returnURL != null)
-        {
-            handleLogOut(request, response, sessionId, sessionToken, returnURL);
-        } else
+        synchronized (this)
         {
-            handleLogIn(request, response, sessionId, sessionToken);
+            String sessionToken = sessionTokenBySessionId.get(sessionId);
+            String returnURL = request.getParameter("return");
+            if (returnURL != null)
+            {
+                handleLogOut(request, response, sessionId, sessionToken, returnURL);
+            } else
+            {
+                handleLogIn(request, response, sessionId, sessionToken);
+            }
         }
     }
-    
+
     private void removeStaleSessions()
     {
         for (Entry<String, String> entry : new ArrayList<>(sessionTokenBySessionId.entrySet()))
@@ -193,7 +198,7 @@ public class SingleSignOnServlet extends AbstractServlet
         String redirectUrl = configurer.getResolvedProps().getProperty(REDIRECT_URL_KEY, template.createText());
         operationLog.info("redirect to " + redirectUrl);
         removeOpenbisCookies(request, response);
-        Cookie cookie = new Cookie("openbis", sessionToken);
+        Cookie cookie = new Cookie(OPENBIS_COOKIE, sessionToken);
         cookie.setPath("/");
         response.addCookie(cookie);
         response.sendRedirect(redirectUrl);
@@ -204,7 +209,7 @@ public class SingleSignOnServlet extends AbstractServlet
         Cookie[] cookies = request.getCookies();
         for (Cookie cookie : cookies)
         {
-            if (cookie.getName().equals("openbis"))
+            if (cookie.getName().equals(OPENBIS_COOKIE))
             {
                 cookie.setValue("");
                 cookie.setPath("/");