diff --git a/VERSION b/VERSION
index 0f52e09a..4abd817f 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-Version 2.4.6-stable+timestamp.2013.04.28.23.04.43
+Version 2.4.6-stable+timestamp.2013.04.28.23.09.04
diff --git a/gluon/html.py b/gluon/html.py
index 6a950537..53462c12 100644
--- a/gluon/html.py
+++ b/gluon/html.py
@@ -1995,7 +1995,7 @@ class FORM(DIV):
         if session is not None:
             formkey = session.get('_formkey[%s]' % formname, None)
             # check if user tampering with form and void CSRF
-            if formkey != request_vars._formkey:
+            if not formkey or formkey != request_vars._formkey:
                 status = False
         if formname != request_vars._formname:
             status = False