diff --git a/session/sess_file.go b/session/sess_file.go
index c089dade..db143522 100644
--- a/session/sess_file.go
+++ b/session/sess_file.go
@@ -19,6 +19,7 @@ import (
 	"io/ioutil"
 	"net/http"
 	"os"
+	"errors"
 	"path"
 	"path/filepath"
 	"strings"
@@ -131,6 +132,9 @@ func (fp *FileProvider) SessionRead(sid string) (Store, error) {
 	if strings.ContainsAny(sid, "./") {
 		return nil, nil
 	}
+	if len(sid) < 2 {
+		return nil, errors.New("length of the sid is less than 2")
+	}
 	filepder.lock.Lock()
 	defer filepder.lock.Unlock()