diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 5689de3995f76..39b2341278d8c 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -858,6 +858,13 @@ public function tryTokenLogin(IRequest $request) {
 			return false;
 		}
 
+		// Check if the request had sent a cookie with the instance id as name
+		// If there is no cookie, this is a new session
+		$instanceId = $this->config->getSystemValueString('instanceid');
+		if (is_null($request->getCookie($instanceId))) {
+			return false;
+		}
+
 		try {
 			$dbToken = $this->tokenProvider->getToken($token);
 		} catch (InvalidTokenException $e) {