diff --git a/backend/app/api/endpoints/sessions.py b/backend/app/api/endpoints/sessions.py
index 570b7672..3ad51f5d 100644
--- a/backend/app/api/endpoints/sessions.py
+++ b/backend/app/api/endpoints/sessions.py
@@ -143,8 +143,8 @@ async def get_session(
 
     if session.user_id != current_user.id and session.assigned_to_id != current_user.id:
         raise HTTPException(
-            status_code=status.HTTP_403_FORBIDDEN,
-            detail="You don't have access to this session"
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Session not found"
         )
 
     return session
@@ -234,8 +234,8 @@ async def update_session(
 
     if session.user_id != current_user.id and session.assigned_to_id != current_user.id:
         raise HTTPException(
-            status_code=status.HTTP_403_FORBIDDEN,
-            detail="You don't have access to this session"
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Session not found"
         )
 
     if session.completed_at:
@@ -281,8 +281,8 @@ async def complete_session(
 
     if session.user_id != current_user.id and session.assigned_to_id != current_user.id:
         raise HTTPException(
-            status_code=status.HTTP_403_FORBIDDEN,
-            detail="You don't have access to this session"
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Session not found"
         )
 
     if session.completed_at:
@@ -319,8 +319,8 @@ async def update_scratchpad(
 
     if session.user_id != current_user.id and session.assigned_to_id != current_user.id:
         raise HTTPException(
-            status_code=status.HTTP_403_FORBIDDEN,
-            detail="You don't have access to this session"
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Session not found"
         )
 
     session.scratchpad = data.scratchpad
@@ -348,8 +348,8 @@ async def update_session_variables(
 
     if session.user_id != current_user.id and session.assigned_to_id != current_user.id:
         raise HTTPException(
-            status_code=status.HTTP_403_FORBIDDEN,
-            detail="You don't have access to this session"
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Session not found"
         )
 
     if session.completed_at:
@@ -387,8 +387,8 @@ async def export_session(
 
     if session.user_id != current_user.id and session.assigned_to_id != current_user.id:
         raise HTTPException(
-            status_code=status.HTTP_403_FORBIDDEN,
-            detail="You don't have access to this session"
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Session not found"
         )
 
     # PDF export — separate path with binary response
@@ -830,8 +830,8 @@ async def link_ticket(
     if session.user_id != current_user.id and session.assigned_to_id != current_user.id:
         if not current_user.is_super_admin:
             raise HTTPException(
-                status_code=status.HTTP_403_FORBIDDEN,
-                detail="You don't have access to this session",
+                status_code=status.HTTP_404_NOT_FOUND,
+                detail="Session not found",
             )
 
     # Unlink