diff --git a/src/oidcserver.js b/src/oidcserver.js
index df4197321..e32c59540 100644
--- a/src/oidcserver.js
+++ b/src/oidcserver.js
@@ -457,7 +457,7 @@ async function interactionConfirm(req, res, next) {
 
     const user = await users.get(accountId);
     if (!user) return next(new Error('User not found'));
-    user.ghost = lastSubmission.ghost; // restore ghost flag
+    user.ghost = lastSubmission ? lastSubmission.ghost : false; // restore ghost flag
 
     // Check if user has access to the app if client refers to an app
     if (client.appId) {