diff --git a/lib/actions/authorization/resume.js b/lib/actions/authorization/resume.js
index 42f96695b..3c2793747 100644
--- a/lib/actions/authorization/resume.js
+++ b/lib/actions/authorization/resume.js
@@ -17,7 +17,7 @@ module.exports = function getResumeAction(provider, whitelist, resumeRouteName)
       throw new SessionNotFound('authorization request has expired');
     }
 
-    const interactionSession = await provider.Session.find(cookieId, { upsert: false });
+    const interactionSession = await provider.Session.find(cookieId);
     if (!interactionSession) {
       throw new SessionNotFound('interaction session not found');
     }
diff --git a/lib/models/session.js b/lib/models/session.js
index 098ba5351..6b10fb324 100644
--- a/lib/models/session.js
+++ b/lib/models/session.js
@@ -1,5 +1,4 @@
 const assert = require('assert');
-const { deprecate } = require('util');
 
 const uuid = require('uuid/v4');
 const hash = require('object-hash');
@@ -7,8 +6,6 @@ const hash = require('object-hash');
 const epochTime = require('../helpers/epoch_time');
 const instance = require('../helpers/weak_cache');
 
-const deprecated = deprecate(() => {}, 'Session.find returning new sessions if none is found is deprecated');
-
 const NON_REJECTABLE_CLAIMS = new Set(['sub', 'sid', 'auth_time', 'acr', 'amr', 'iss']);
 const NON_REJECTABLE_SCOPES = new Set(['openid']);
 
@@ -169,7 +166,7 @@ module.exports = function getSession(provider) {
       return getterSetTransformation(authorization.rejectedClaims);
     }
 
-    static async find(id, { upsert = true } = {}) {
+    static async find(id) {
       assert(id, 'id must be provided to Session#find');
       const data = await getAdapter().find(id);
       if (data) {
@@ -180,11 +177,7 @@ module.exports = function getSession(provider) {
           return new Session(id, data);
         }
       }
-      /* istanbul ignore if */
-      if (upsert) {
-        deprecated();
-        return new Session(id);
-      }
+
       return undefined;
     }
 
@@ -196,7 +189,7 @@ module.exports = function getSession(provider) {
 
       let session;
       if (sessionId) {
-        session = await this.find(sessionId, { upsert: false });
+        session = await this.find(sessionId);
       }
       if (!session) {
         sessionId = uuid();
diff --git a/lib/provider.js b/lib/provider.js
index 9303ee018..b7acd7c2b 100644
--- a/lib/provider.js
+++ b/lib/provider.js
@@ -61,7 +61,7 @@ async function getInteraction(req, res) {
   if (!id) {
     throw new SessionNotFound('interaction session id cookie not found');
   }
-  const interaction = await this.Session.find(id, { upsert: false });
+  const interaction = await this.Session.find(id);
   if (!interaction) {
     throw new SessionNotFound('interaction session not found');
   }