diff --git a/cmd/rdpgw/api/basic.go b/cmd/rdpgw/api/basic.go
index d2540ba726984f55519625432b023601b18b70d7..8085519b77a4aabe95e77dd815222f1440b159fe 100644
--- a/cmd/rdpgw/api/basic.go
+++ b/cmd/rdpgw/api/basic.go
@@ -48,7 +48,6 @@ func (c *Config) BasicAuth(next http.HandlerFunc) http.HandlerFunc {
 				log.Printf("User %s is not authenticated for this service", username)
 			} else {
 				ctx := context.WithValue(r.Context(), "preferred_username", username)
-				ctx = context.WithValue(ctx, "access_token", "EMPTY")
 				next.ServeHTTP(w, r.WithContext(ctx))
 				return
 			}
diff --git a/cmd/rdpgw/security/basic.go b/cmd/rdpgw/security/basic.go
index c7e6f9622cacc2120db03f6a2a2aa7d8b8cf8033..595fe81cba2b6444ebdfabb4eb6b0e965a9f13c1 100644
--- a/cmd/rdpgw/security/basic.go
+++ b/cmd/rdpgw/security/basic.go
@@ -21,13 +21,19 @@ func CheckHost(ctx context.Context, host string) (bool, error) {
 		// todo get from context?
 		return false, errors.New("cannot verify host in 'signed' mode as token data is missing")
 	case "roundrobin", "unsigned":
+		var username string
+
 		log.Printf("Checking host")
 		s := getSessionInfo(ctx)
 		if s == nil {
-			return false, errors.New("no valid session info found in context")
+			var ok bool
+			username, ok = ctx.Value("preferred_username").(string)
+			if !ok {
+				return false, errors.New("no valid session info or username found in context")
+			}
 		}
 		for _, h := range Hosts {
-			if s.UserName != "" {
+			if username != "" {
 				h = strings.Replace(h, "{{ preferred_username }}", s.UserName, 1)
 			}
 			if h == host {