diff --git a/src/cpp/HTTPInterface/PageRequestHandlerFactory.cpp b/src/cpp/HTTPInterface/PageRequestHandlerFactory.cpp
index c8c01b9c2..88ba59239 100644
--- a/src/cpp/HTTPInterface/PageRequestHandlerFactory.cpp
+++ b/src/cpp/HTTPInterface/PageRequestHandlerFactory.cpp
@@ -323,7 +323,7 @@ Poco::Net::HTTPRequestHandler* PageRequestHandlerFactory::handleCheckEmail(Sessi
 	if (session) {
 		auto user_host = request.clientAddress().host();
 		session->setClientIp(user_host);
-
+		assert(session->getUser());
 		if (session->getUser()->isEmptyPassword()) {
 			// user has no password, maybe account created from elopage webhook
 			auto pageRequestHandler = new UpdateUserPasswordPage(session);
diff --git a/src/cpp/SingletonManager/SessionManager.cpp b/src/cpp/SingletonManager/SessionManager.cpp
index 3b197613c..46b25e8b2 100644
--- a/src/cpp/SingletonManager/SessionManager.cpp
+++ b/src/cpp/SingletonManager/SessionManager.cpp
@@ -349,7 +349,7 @@ Session* SessionManager::findByEmailVerificationCode(const Poco::UInt64& emailVe
 	auto email_verification = controller::EmailVerificationCode::load(emailVerificationCode);
 	if (email_verification.isNull()) return nullptr;
 	auto email_verification_model = email_verification->getModel();
-	assert(email_verification_model->getUserId() > 0);
+	assert(email_verification_model && email_verification_model->getUserId() > 0);
 
 	auto session = findByUserId(email_verification_model->getUserId());
 	if (session) {
@@ -372,6 +372,7 @@ Session* SessionManager::findByUserId(int userId)
 	//mWorkingMutex.lock();
 	for (auto it = mRequestSessionMap.begin(); it != mRequestSessionMap.end(); it++) {
 		auto user = it->second->getNewUser();
+		assert(user && user->getModel() && user->getModel()->getID());
 		if (userId == user->getModel()->getID()) {
 			return it->second;
 		}
diff --git a/src/cpp/model/Session.cpp b/src/cpp/model/Session.cpp
index 722bc12d7..13b359640 100644
--- a/src/cpp/model/Session.cpp
+++ b/src/cpp/model/Session.cpp
@@ -429,6 +429,7 @@ int Session::updateEmailVerification(Poco::UInt64 emailVerificationCode)
 		return -2;
 	}
 	auto email_verification_code_model = mEmailVerificationCodeObject->getModel();
+	assert(email_verification_code_model);
 	if(email_verification_code_model->getCode() == emailVerificationCode) {
 		if (mSessionUser && mSessionUser->getDBId() == 0) {
 			//addError(new Error("E-Mail Verification", "Benutzer wurde nicht richtig gespeichert, bitte wende dich an den Server-Admin"));
@@ -440,7 +441,7 @@ int Session::updateEmailVerification(Poco::UInt64 emailVerificationCode)
 		}
 		
 		// load correct user from db
-		if (mNewUser.isNull() || mNewUser->getModel()->getID() != email_verification_code_model->getUserId()) {
+		if (mNewUser.isNull() || !mNewUser->getModel() || mNewUser->getModel()->getID() != email_verification_code_model->getUserId()) {
 			mNewUser = controller::User::create();
 			if (1 != mNewUser->load(email_verification_code_model->getUserId())) {
 				em->addError(new ParamError(funcName, "user load didn't return 1 with user_id ", email_verification_code_model->getUserId()));
@@ -451,6 +452,7 @@ int Session::updateEmailVerification(Poco::UInt64 emailVerificationCode)
 		}
 
 		auto user_model = mNewUser->getModel();
+		assert(user_model);
 		bool first_email_activation = false;
 		auto verification_type = email_verification_code_model->getType();
 		if (model::table::EMAIL_OPT_IN_REGISTER == verification_type || 
@@ -1024,6 +1026,7 @@ bool Session::loadFromEmailVerificationCode(Poco::UInt64 emailVerificationCode)
 	}
 
 	mNewUser = controller::User::create();
+	assert(mEmailVerificationCodeObject->getModel() && mEmailVerificationCodeObject->getModel()->getUserId());
 	mNewUser->load(mEmailVerificationCodeObject->getModel()->getUserId());
 	if (mNewUser->getModel()->errorCount() > 0) {
 		mNewUser->getModel()->sendErrorsAsEmail();