diff --git a/oauthproxy.go b/oauthproxy.go
index c91441b..9f099df 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -298,6 +298,7 @@ func (p *OauthProxy) ProcessCookie(rw http.ResponseWriter, req *http.Request) (e
 }
 if err != nil {
 log.Printf(err.Error())
+ ok = false
 } else if p.CookieRefresh != time.Duration(0) {
 refresh_threshold := time.Now().Add(p.CookieRefresh)
 if refresh_threshold.Unix() > timestamp.Unix() {
diff --git a/oauthproxy_test.go b/oauthproxy_test.go
index 1823896..2627341 100644
--- a/oauthproxy_test.go
+++ b/oauthproxy_test.go
@@ -474,6 +474,17 @@ func TestProcessCookieNoCookieError(t *testing.T) {
 assert.Equal(t, false, ok)
 }
 
+func TestProcessCookieFailIfParsingCookieValueFails(t *testing.T) {
+ pc_test := NewProcessCookieTest()
+ value, _ := buildCookieValue("michael.bland@gsa.gov",
+ pc_test.proxy.AesCipher, "my_access_token")
+ pc_test.req.AddCookie(pc_test.proxy.MakeCookie(
+ pc_test.req, value+"some bogus bytes",
+ pc_test.opts.CookieExpire))
+ _, _, _, ok := pc_test.ProcessCookie()
+ assert.Equal(t, false, ok)
+}
+
 func TestProcessCookieRefreshNotSet(t *testing.T) {
 pc_test := NewProcessCookieTest()
 pc_test.InstantiateBackend()
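Review bot: In the `err != nil` branch, `log.Printf(err.Error())` on the line above the new `ok = false` passes the error text as the format string, and that text may carry bytes from the request cookie, so any `%` in it is read as a verb and garbles the log entry. `log.Printf("%s", err)` or `log.Print(err)` avoids that and is what `go vet` expects. Separately, only `ok` is reset here. If the other results were assigned before parsing failed, they are still returned to the caller, so clearing them in the same branch would make the failure path fully fail-closed. That is worth confirming, since ProcessCookie's body starts and ends outside this hunk.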
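Review bot: `value, _ := buildCookieValue(...)` in TestProcessCookieFailIfParsingCookieValueFails discards the error, so if building the cookie ever fails the test still passes on an empty value plus the suffix and no longer exercises the tampered-cookie path. Capture it as `value, err := buildCookieValue(...)` and add `assert.Equal(t, nil, err)` before appending the bogus bytes. The test also drops the first three results with `_, _, _`. Asserting that they are empty (assuming they are strings) would pin that a rejected cookie yields no identity or access token, not just `ok == false`.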