diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 1f2eaadc12e69c317aad63855a7125cdebb7d612..37d518b61231d0e14e50956606d65d86864a2079 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -814,15 +814,15 @@ class Session implements IUserSession, Emitter {
 	 */
 	public function tryTokenLogin(IRequest $request) {
 		$authHeader = $request->getHeader('Authorization');
-		if (strpos($authHeader, 'Bearer ') === false) {
+		if (strpos($authHeader, 'Bearer ') === 0) {
+			$token = substr($authHeader, 7);
+		} else {
 			// No auth header, let's try session id
 			try {
 				$token = $this->session->getId();
 			} catch (SessionNotAvailableException $ex) {
 				return false;
 			}
-		} else {
-			$token = substr($authHeader, 7);
 		}
 
 		if (!$this->loginWithToken($token)) {