diff --git a/source/java/org/alfresco/repo/webdav/auth/BaseKerberosAuthenticationFilter.java b/source/java/org/alfresco/repo/webdav/auth/BaseKerberosAuthenticationFilter.java index d99a389be7..7f30605acf 100644 --- a/source/java/org/alfresco/repo/webdav/auth/BaseKerberosAuthenticationFilter.java +++ b/source/java/org/alfresco/repo/webdav/auth/BaseKerberosAuthenticationFilter.java @@ -338,6 +338,8 @@ public abstract class BaseKerberosAuthenticationFilter extends BaseSSOAuthentica if ( getLogger().isErrorEnabled()) getLogger().error("Failed to validate user " + user.getUserName(), ex); + removeSessionUser( httpSess); + reqAuth = true; } } diff --git a/source/java/org/alfresco/repo/webdav/auth/BaseNTLMAuthenticationFilter.java b/source/java/org/alfresco/repo/webdav/auth/BaseNTLMAuthenticationFilter.java index 93b42534c9..d76519d712 100644 --- a/source/java/org/alfresco/repo/webdav/auth/BaseNTLMAuthenticationFilter.java +++ b/source/java/org/alfresco/repo/webdav/auth/BaseNTLMAuthenticationFilter.java @@ -250,6 +250,8 @@ public abstract class BaseNTLMAuthenticationFilter extends BaseSSOAuthentication if (getLogger().isErrorEnabled()) getLogger().error("Failed to validate user " + user.getUserName(), ex); + removeSessionUser( httpSess); + reqAuth = true; } } @@ -536,6 +538,8 @@ public abstract class BaseNTLMAuthenticationFilter extends BaseSSOAuthentication if (logger.isErrorEnabled()) logger.error("Failed to validate user " + user.getUserName(), ex); + removeSessionUser(session); + onValidateFailed(req, res, session); return; } @@ -659,6 +663,8 @@ public abstract class BaseNTLMAuthenticationFilter extends BaseSSOAuthentication if (logger.isErrorEnabled()) logger.error("Failed to validate user " + user.getUserName(), ex); + removeSessionUser(session); + onValidateFailed(req, res, session); return; } 
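Review bot: The added `removeSessionUser( httpSess);` in this catch block of BaseKerberosAuthenticationFilter clears only the session attribute, while the local `user` still refers to the SessionUser whose ticket has just failed validation. The rest of the method lies outside the hunk, so it is not visible whether anything after the block reads `user` again; if it does, add `user = null;` beside the removal so the rejected identity cannot be picked up later in the same request. The same applies to the matching catch block in the first BaseNTLMAuthenticationFilter hunk (at line 250). A one-line comment such as `// ticket rejected: drop the cached user so it is not offered again on the next request` would also record why the attribute is removed.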
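Review bot: The removal added here before `onValidateFailed(req, res, session)` is now the fourth hand-written copy of the same cleanup step, so the security property depends on every present and future catch block remembering the call. The two BaseNTLMAuthenticationFilter hunks at lines 536 and 659 are identical in shape, and the two earlier hunks differ only in setting `reqAuth`. Consider one protected helper in BaseSSOAuthenticationFilter that logs the failure and removes the session user, called from all four places. If `onValidateFailed` can be overridden, its documentation should also say that the session user has already been removed by the time it runs; its declaration is outside these hunks.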
diff --git a/source/java/org/alfresco/repo/webdav/auth/BaseSSOAuthenticationFilter.java b/source/java/org/alfresco/repo/webdav/auth/BaseSSOAuthenticationFilter.java index 67fed59005..e1e7821a13 100644 --- a/source/java/org/alfresco/repo/webdav/auth/BaseSSOAuthenticationFilter.java +++ b/source/java/org/alfresco/repo/webdav/auth/BaseSSOAuthenticationFilter.java @@ -249,6 +249,14 @@ public abstract class BaseSSOAuthenticationFilter implements Filter return (SessionUser)session.getAttribute( getUserAttributeName()); } + /** + * Remove the user from the session - after failed ticket auth + */ + protected void removeSessionUser(HttpSession session) + { + session.removeAttribute( getUserAttributeName()); + } + /** * Return the user object session attribute name *
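Review bot: The Javadoc on the new `removeSessionUser` does not state what the method leaves untouched: it removes only the attribute named by `getUserAttributeName()`, and neither invalidates the HttpSession nor the ticket held by the removed user, so callers must still force re-authentication themselves. Please say so in the comment and add `@param session the HTTP session to clear the cached user from`. The method is called from catch blocks, and `HttpSession.removeAttribute` throws IllegalStateException on an invalidated session, so an exception raised here would escape the failure handling. If any caller can reach it with a null session, guard the call with `if (session != null) session.removeAttribute(getUserAttributeName());`; the call sites' session handling is outside this hunk, so this needs confirming there.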