diff --git a/src/RestQuery.js b/src/RestQuery.js
index 91ebe536..7cf8074f 100644
--- a/src/RestQuery.js
+++ b/src/RestQuery.js
@@ -415,6 +415,11 @@ function includePath(config, auth, response, path) {
     for (var obj of includeResponse.results) {
       obj.__type = 'Object';
       obj.className = className;
+
+      if(className == "_User"){
+        delete obj.sessionToken;
+      }
+
       replace[obj.objectId] = obj;
     }
     var resp = {
diff --git a/src/Routers/ClassesRouter.js b/src/Routers/ClassesRouter.js
index 11666b20..a49d6d4a 100644
--- a/src/Routers/ClassesRouter.js
+++ b/src/Routers/ClassesRouter.js
@@ -51,6 +51,11 @@ export class ClassesRouter {
         if (!response.results || response.results.length == 0) {
           throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Object not found.');
         }
+        
+        if(req.params.className === "_User"){
+          delete response.results[0].sessionToken;
+        }
+
         return { response: response.results[0] };
       });
   }
diff --git a/src/users.js b/src/users.js
index 4205c666..9484ee64 100644
--- a/src/users.js
+++ b/src/users.js
@@ -133,6 +133,9 @@ function handleGet(req) {
       throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND,
                             'Object not found.');
     } else {
+      if(req.params.className === "_User"){
+        delete response.results[0].sessionToken;
+      }
       return {response: response.results[0]};
     }
   });