diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 408ebffb3903e..9a5713630c5b7 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -780,7 +780,7 @@ private function validateToken($token, $user = null) {
 	 * Check if login names match
 	 */
 	private function validateTokenLoginName(?string $loginName, IToken $token): bool {
-		if ($token->getLoginName() !== $loginName) {
+		if (mb_strtolower($token->getLoginName()) !== mb_strtolower($loginName ?? '')) {
 			// TODO: this makes it impossible to use different login names on browser and client
 			// e.g. login by e-mail 'user@example.com' on browser for generating the token will not
 			//      allow to use the client token with the login name 'user'.