diff --git a/app/controllers/session_controller.rb b/app/controllers/session_controller.rb
index 00dbbe1d74b..f1c56ba6847 100644
--- a/app/controllers/session_controller.rb
+++ b/app/controllers/session_controller.rb
@@ -72,6 +72,7 @@ class SessionController < ApplicationController
 
         if SiteSetting.must_approve_users? && !user.approved?
           render text: I18n.t("sso.account_not_approved"), status: 403
+          return
         else
           log_on_user user
         end