diff --git a/application/controllers/Header_auth.php b/application/controllers/Header_auth.php
index c51622dab..83ef2d3a3 100644
--- a/application/controllers/Header_auth.php
+++ b/application/controllers/Header_auth.php
@@ -64,11 +64,19 @@ class Header_auth extends CI_Controller {
 // Config check if create user
 if ($this->config->item('auth_header_create')) {
 $this->_create_user($username, $email, $callsign, $firstname, $lastname);
+ $query = $this->user_model->get($username);
 } else {
 $this->_sso_error(__("User not found."));
+ return;
 }
 }
 
+ if (!$query || $query->num_rows() !== 1) {
+ log_message('error', 'SSO Authentication: User could not be found or created.');
+ $this->_sso_error();
+ return;
+ }
+
 $user = $query->row();
 
 // Prevent clubstation direct login via header (mirrors User::login)
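Review bot: The failure log in the new guard (`if (!$query || $query->num_rows() !== 1)`) is a fixed string, so an operator cannot tell a failed auto-provisioning from a duplicate-username match (`num_rows() > 1`), nor see which account was involved. I would log the row count and the username, stripping control characters because the value presumably originates from a request header: `log_message('error', 'SSO Authentication: lookup returned ' . ($query ? $query->num_rows() : 0) . ' rows for user ' . preg_replace('/[\x00-\x1F\x7F]/', '', (string) $username));`. The same guard calls `$this->_sso_error()` without a message, while the else branch passes `__("User not found.")`. The signature of `_sso_error` is not visible here, so confirm it has a default or pass an explicit translated message. The enclosing method starts and ends outside this hunk.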