diff --git a/frappe/utils/safe_exec.py b/frappe/utils/safe_exec.py
index ff43c90a24..4a6ac7b551 100644
--- a/frappe/utils/safe_exec.py
+++ b/frappe/utils/safe_exec.py
@@ -232,13 +232,13 @@ def get_safe_globals():
 			get_fullname=frappe.utils.get_fullname,
 			get_gravatar=frappe.utils.get_gravatar_url,
 			full_name=frappe.local.session.data.full_name
-			if getattr(frappe.local, "session", None)
+			if getattr(frappe.local, "session", None) and getattr(frappe.local.session, "data", None)
 			else "Guest",
 			request=getattr(frappe.local, "request", {}),
 			session=frappe._dict(
 				user=user,
 				csrf_token=frappe.local.session.data.csrf_token
-				if getattr(frappe.local, "session", None)
+				if getattr(frappe.local, "session", None) and getattr(frappe.local.session, "data", None)
 				else "",
 			),
 			make_get_request=frappe.integrations.utils.make_get_request,
diff --git a/frappe/website/page_renderers/base_template_page.py b/frappe/website/page_renderers/base_template_page.py
index 622cd113ef..e957c8fe11 100644
--- a/frappe/website/page_renderers/base_template_page.py
+++ b/frappe/website/page_renderers/base_template_page.py
@@ -16,7 +16,7 @@ class BaseTemplatePage(BaseRenderer):
 		self.context.update(frappe.local.conf.get("website_context") or {})
 
 	def add_csrf_token(self, html):
-		if frappe.local.session:
+		if frappe.local.session and getattr(frappe.local.session, "data", None):
 			csrf_token = frappe.local.session.data.csrf_token
 			return html.replace(
 				"<!-- csrf_token -->", f'<script>frappe.csrf_token = "{csrf_token}";</script>'