diff --git a/avers-server.cabal b/avers-server.cabal
--- a/avers-server.cabal
+++ b/avers-server.cabal
@@ -1,5 +1,5 @@
 name:                avers-server
-version:             0.0.19.0
+version:             0.1.0
 synopsis:            Server implementation of the Avers API
 description:         Server implementation of the Avers API
 homepage:            http://github.com/wereHamster/avers-server
@@ -39,7 +39,6 @@
    , containers
    , cookie
    , cryptonite
-   , either
    , http-types
    , memory
    , mtl
diff --git a/src/Avers/Server.hs b/src/Avers/Server.hs
--- a/src/Avers/Server.hs
+++ b/src/Avers/Server.hs
@@ -68,7 +68,8 @@
 credentialsObjId :: Handle -> Credentials -> Handler ObjId
 credentialsObjId aversH cred = do
     errOrObjId <- case cred of
-        SessionIdCredential sId -> liftIO $ evalAvers aversH $
+        CredAnonymous -> throwError err401
+        CredSessionId sId -> liftIO $ evalAvers aversH $
             sessionObjId <$> lookupSession sId
 
     case errOrObjId of
@@ -296,7 +297,8 @@
     serveChangeSecret cred ChangeSecretBody{..} = do
         reqAvers aversH $ do
             Session{..} <- case cred of
-                SessionIdCredential sId -> lookupSession sId
+                CredAnonymous -> throwError NotAuthorized
+                CredSessionId sId -> lookupSession sId
 
             updateSecret (SecretId $ unObjId sessionObjId) csbNewSecret
 
diff --git a/src/Avers/Server/Authorization.hs b/src/Avers/Server/Authorization.hs
--- a/src/Avers/Server/Authorization.hs
+++ b/src/Avers/Server/Authorization.hs
@@ -47,19 +47,22 @@
     , lookupObjectAuthz = \cred objId ->
         [ sufficient $ do
             session <- case cred of
-                SessionIdCredential sId -> lookupSession sId
+                CredAnonymous -> throwError NotAuthorized
+                CredSessionId sId -> lookupSession sId
             sessionCreatedObject session objId
         ]
     , patchObjectAuthz = \cred objId _ ->
         [ sufficient $ do
             session <- case cred of
-                SessionIdCredential sId -> lookupSession sId
+                CredAnonymous -> throwError NotAuthorized
+                CredSessionId sId -> lookupSession sId
             sessionCreatedObject session objId
         ]
     , deleteObjectAuthz = \cred objId ->
         [ sufficient $ do
             session <- case cred of
-                SessionIdCredential sId -> lookupSession sId
+                CredAnonymous -> throwError NotAuthorized
+                CredSessionId sId -> lookupSession sId
             sessionCreatedObject session objId
         ]
     , uploadBlobAuthz = \_ _ -> [pure AllowR]
diff --git a/src/Avers/Server/Instances.hs b/src/Avers/Server/Instances.hs
--- a/src/Avers/Server/Instances.hs
+++ b/src/Avers/Server/Instances.hs
@@ -43,10 +43,10 @@
                 mbSessionIdText = lookup "session" =<< fmap parseCookiesText mbCookieHeaders
 
             case mbSessionIdText of
-                Nothing -> delayedFailFatal err401
+                Nothing -> pure CredAnonymous
                 Just sessionIdText -> case parseQueryParam sessionIdText of
-                    Left _ -> delayedFailFatal err401
-                    Right sId -> pure $ SessionIdCredential $ SessionId sId
+                    Left _ -> delayedFailFatal err400
+                    Right sId -> pure $ CredSessionId $ SessionId sId
 
 
 
