diff --git a/src/box/access.h b/src/box/access.h
index b0cbf366c4cafdc94261813ff62523d5fc363e50..385807aa4e37729031181450e945b76952ee21df 100644
--- a/src/box/access.h
+++ b/src/box/access.h
@@ -142,9 +142,12 @@ user_by_name(const char *name, uint32_t len);
 #define user()							\
 ({								\
 	struct session *s = session();				\
-	uint8_t auth_token = s ? s->auth_token : (int) ADMIN;	\
-	struct user *u = &users[auth_token];			\
-	assert(u->auth_token == auth_token);			\
+	struct user *u = &users[s->auth_token];			\
+	if (u->auth_token != s->auth_token ||			\
+	    u->uid != s->uid) {					\
+		tnt_raise(ClientError, ER_NO_SUCH_USER,		\
+			  int2str(s->uid));			\
+	}							\
 	u;							\
 })
 
diff --git a/test/box/access_bin.result b/test/box/access_bin.result
index 796a085ac0370c0f898497aeb16e9c2a94c35cc7..e9f6c586f8e8277036ac79b9356e7add9c755b2a 100644
--- a/test/box/access_bin.result
+++ b/test/box/access_bin.result
@@ -102,3 +102,48 @@ setuid_space:drop()
 ---
 ...
 --
+-- gh-530 "assertion failed"
+-- If a user is dropped, its session should not be usable
+-- any more
+--
+test = box.schema.space.create('test')
+---
+...
+test:create_index('primary')
+---
+...
+box.schema.user.create('test', {password='test'})
+---
+...
+box.schema.user.grant('test', 'read,write', 'space','test')
+---
+...
+box.schema.user.grant('test', 'read', 'space', '_space')
+---
+...
+box.schema.user.grant('test', 'read', 'space', '_index')
+---
+...
+net = require('net.box')
+---
+...
+c = net.new(LISTEN.host, LISTEN.service, {user = 'test', password='test'})
+---
+...
+c.space.test:insert{1}
+---
+- [1]
+...
+box.schema.user.drop('test')
+---
+...
+c.space.test:insert{1}
+---
+- error: User '3' is not found
+...
+c:close()
+---
+...
+test:drop()
+---
+...
diff --git a/test/box/access_bin.test.lua b/test/box/access_bin.test.lua
index 18f3d167f28dac7446dbec4e7af1bd913a415274..7ff79d2bb53c448ae0f5df8cfdfe8b95481af5b1 100644
--- a/test/box/access_bin.test.lua
+++ b/test/box/access_bin.test.lua
@@ -36,3 +36,21 @@ c:close()
 box.schema.func.drop('setuid_func')
 setuid_space:drop()
 --
+-- gh-530 "assertion failed"
+-- If a user is dropped, its session should not be usable
+-- any more
+--
+test = box.schema.space.create('test')
+test:create_index('primary')
+box.schema.user.create('test', {password='test'})
+box.schema.user.grant('test', 'read,write', 'space','test')
+box.schema.user.grant('test', 'read', 'space', '_space')
+box.schema.user.grant('test', 'read', 'space', '_index')
+net = require('net.box')
+c = net.new(LISTEN.host, LISTEN.service, {user = 'test', password='test'})
+c.space.test:insert{1}
+box.schema.user.drop('test')
+c.space.test:insert{1}
+c:close()
+test:drop()
+