diff --git a/src/LeanCloud/LeanClient.php b/src/LeanCloud/LeanClient.php
index d04ce36..7343de4 100644
--- a/src/LeanCloud/LeanClient.php
+++ b/src/LeanCloud/LeanClient.php
@@ -6,6 +6,7 @@
 use LeanCloud\LeanObject;
 use LeanCloud\LeanACL;
 use LeanCloud\LeanFile;
+use LeanCloud\LeanUser;
 use LeanCloud\Operation\IOperation;
 use LeanCloud\Storage\IStorage;
 use LeanCloud\Storage\SessionStorage;
@@ -227,6 +228,10 @@ public static function buildHeaders($sessionToken, $useMasterKey) {
 $h['X-LC-Sign'] .= ",master";
 }

+ if (!$sessionToken) {
+ $sessionToken = LeanUser::getCurrentSessionToken();
+ }
+
 if ($sessionToken) {
 $h['X-LC-Session'] = $sessionToken;
 }
diff --git a/tests/LeanUserTest.php b/tests/LeanUserTest.php
index a0afa05..a387ca3 100644
--- a/tests/LeanUserTest.php
+++ b/tests/LeanUserTest.php
@@ -3,6 +3,7 @@
 use LeanCloud\LeanClient;
 use LeanCloud\LeanUser;
 use LeanCloud\LeanFile;
+use LeanCloud\LeanQuery;
 use LeanCloud\CloudException;
 use LeanCloud\Storage\SessionStorage;

@@ -199,5 +200,18 @@ public function testCircularGetCurrentUser() {
 $this->assertEquals($user2->getUsername(), "alice");
 }

+ /*
+ * To test this case, it is necessary to set "find" permission
+ * to be session user, i.e. allow current logged in user to query only.
+ *
+ * @link https://github.com/leancloud/php-sdk/issues/62
+ */
+ public function testFindUserWithSession() {
+ $user = LeanUser::logIn("alice", "blabla");
+ $query = new LeanQuery("_User");
+ // it should not raise: 1 Forbidden to find by class permission.
+ $query->first();
+ }
+
 }
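Review bot: In src/LeanCloud/LeanClient.php, the fallback added before `if ($sessionToken)` in buildHeaders() fires on any falsy `$sessionToken`, so once a user is logged in a caller can no longer send a request without `X-LC-Session`. The token is also attached when the `,master` signature branch just above was taken. Because the session token is a bearer credential, the implicit case should be narrow and documented: `if ($sessionToken === null) { $sessionToken = LeanUser::getCurrentSessionToken(); }`, with a docblock line on buildHeaders() stating that a null token means "use the current user's session". It is also worth confirming that getCurrentSessionToken(), which is not visible here, never issues a request of its own, since that request would re-enter buildHeaders(). The function starts and ends outside this hunk.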
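Review bot: In tests/LeanUserTest.php, testFindUserWithSession() makes no assertion, so it only fails if `$query->first()` throws. It passes without exercising the fix on any test application whose `_User` "find" permission is still open. Asserting on the result, e.g. `$this->assertNotNull($query->first());`, and checking the class permission as a precondition would make the test meaningful. Because buildHeaders() now picks up the current user's session implicitly, the user logged in here should be logged out again in teardown, so the session does not leak into later tests. The comment above the method opens with `/*` rather than `/**`, so the `@link` tag is not part of a docblock.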