diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php
index 97c1db23c90ccc03975cdb57a1cffb775805ff52..5492a951414ae2537f944fb61a9fc08523f3c016 100644
--- a/lib/SimpleSAML/Session.php
+++ b/lib/SimpleSAML/Session.php
@@ -270,7 +270,7 @@ class SimpleSAML_Session implements Serializable
         }
 
         // if getSession() found it, use it
-        if ($session !== null) {
+        if ($session instanceof SimpleSAML_Session) {
             return self::load($session);
         }
 
@@ -311,7 +311,7 @@ class SimpleSAML_Session implements Serializable
      *
      * @param string|null $sessionId The session we should get, or null to get the current session.
      *
-     * @return SimpleSAML_Session The session that is stored in the session handler, or null if the session wasn't
+     * @return SimpleSAML_Session|null The session that is stored in the session handler, or null if the session wasn't
      * found.
      */
     public static function getSession($sessionId = null)
diff --git a/lib/SimpleSAML/SessionHandlerPHP.php b/lib/SimpleSAML/SessionHandlerPHP.php
index 0cf8d074eb3363033058490918a4121bf5f9a4d8..16f2f7d7a22871ef37456dd4fe52bbce01f29acf 100644
--- a/lib/SimpleSAML/SessionHandlerPHP.php
+++ b/lib/SimpleSAML/SessionHandlerPHP.php
@@ -266,9 +266,8 @@ class SessionHandlerPHP extends SessionHandler
         assert('is_string($session)');
 
         $session = unserialize($session);
-        assert('$session instanceof SimpleSAML_Session');
 
-        return $session;
+        return ($session !== false) ? $session : null;
     }