diff --git a/src/node/db/SecurityManager.js b/src/node/db/SecurityManager.js
index 19fc23c26..ff28ff8fe 100644
--- a/src/node/db/SecurityManager.js
+++ b/src/node/db/SecurityManager.js
@@ -129,7 +129,7 @@ exports.checkAccess = async function(padID, sessionCookie, token, password, user
     return DENY;
   }
 
-  const passwordExempt = settings.sessionNoPassword && sesionAuthorID != null;
+  const passwordExempt = settings.sessionNoPassword && sessionAuthorID != null;
   const requirePassword = pad.isPasswordProtected() && !passwordExempt;
   if (requirePassword) {
     if (password == null) {