diff --git a/http/session.go b/http/session.go index 32506f7..e784d03 100644 --- a/http/session.go +++ b/http/session.go @@ -12,6 +12,10 @@ import ( func (h *Handler) verifyLogin(c *gin.Context) (budgeteer.Token, error) { tokenString := c.GetHeader("Authorization") + if len(tokenString) < 8 { + return nil, fmt.Errorf("no authorization header supplied") + } + tokenString = tokenString[7:] token, err := h.TokenVerifier.VerifyToken(tokenString) if err != nil {
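Review bot: The new guard in verifyLogin only checks that the Authorization header is at least 8 bytes long, so `tokenString[7:]` still discards the first seven bytes of whatever the client sent without confirming they are the expected scheme prefix (presumably `Bearer `, given the offset). Making the check explicit keeps parsing strict, e.g. `if len(tokenString) < 8 || !strings.EqualFold(tokenString[:7], "Bearer ") {`, which needs the `strings` import if the file does not already have it. The message "no authorization header supplied" is also returned when a header is present but too short, which will mislead anyone reading logs or client errors; `errors.New("missing or malformed authorization header")` would be more accurate and avoids `fmt.Errorf` with no format verbs (again subject to the import being available). The function body continues past the end of the hunk, so how this error is mapped to a response status is not visible here.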