diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 04e6a94..2e632d9 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -174,7 +174,11 @@ class SessionsController < ApplicationController
       return
     end
-    user = User.find(params[:id])
+    user = User.find_by(id: params[:id])
+    unless user
+      redirect_to root_path, alert: "who?"
+      return
+    end
     if user.admin_level == "superadmin"
       redirect_to root_path, alert: "nice try, you cant do that"
diff --git a/config/routes.rb b/config/routes.rb
index 2423383..924dc7d 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -20,10 +20,8 @@ Rails.application.routes.draw do
     mount AhoyCaptain::Engine => "/ahoy_captain"
     mount Flipper::UI.app(Flipper) => "flipper", as: :flipper
-    get "/impersonate/:id", to: "sessions#impersonate", as: :impersonate_user
     get "/my/mailing_address", to: "my/mailing_address#show", as: :my_mailing_address
   end
-  get "/stop_impersonating", to: "sessions#stop_impersonating", as: :stop_impersonating
   constraints AdminLevelConstraint.new(:superadmin, :admin, :viewer) do
     namespace :admin do
@@ -40,7 +38,9 @@ Rails.application.routes.draw do
       resources :trust_level_audit_logs, only: [ :index, :show ]
       resources :admin_api_keys, except: [ :edit, :update ]
     end
+    get "/impersonate/:id", to: "sessions#impersonate", as: :impersonate_user
   end
+  get "/stop_impersonating", to: "sessions#stop_impersonating", as: :stop_impersonating
   if Rails.env.development?
     mount LetterOpenerWeb::Engine, at: "/letter_opener"
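Review bot: The four-line `unless user` guard after the new `find_by` line reads better in this file's early-return idiom as one line: `return redirect_to(root_path, alert: "User not found") unless user`. The alert text `"who?"` tells the operator nothing, and since this path now answers with a redirect instead of the 404 that `User.find` used to raise, the message is the only signal that the lookup failed rather than the authorization check that follows. The impersonate action starts and ends outside the hunk, so whether the lookup is audit-logged cannot be judged here.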
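Review bot: The relocated `get "/impersonate/:id"` still starts a session-changing action over GET, which Rails' forgery protection does not verify, so moving it into the constraint block is the moment to make it `post "/impersonate/:id"` (and `delete "/stop_impersonating"`) driven by `button_to` rather than a link. The constraint `AdminLevelConstraint.new(:superadmin, :admin, :viewer)` admits viewers and admins to the route, so routing alone is not the authorization; the controller guard before the `return`/`end` at the top of the sessions_controller hunk is what must restrict who may impersonate, and that guard is outside the visible lines. The added `/stop_impersonating` route sits deliberately outside the constraint, presumably because the impersonated session no longer carries an admin level; that reasoning deserves a comment on the line, e.g. `# unconstrained on purpose: the impersonated user must be able to end the session`.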