diff --git a/migrations/2023-10-26-0942_session_delete_cascade/down.sql b/migrations/2023-10-26-0942_session_delete_cascade/down.sql
new file mode 100644
index 0000000..cd4137f
--- /dev/null
+++ b/migrations/2023-10-26-0942_session_delete_cascade/down.sql
@@ -0,0 +1,8 @@
+-- This file should undo anything in `up.sql`
+
+ALTER TABLE sessions
+    DROP CONSTRAINT sessions_client_id_fkey,
+    ADD CONSTRAINT sessions_client_id_fkey
+        FOREIGN KEY (client_id)
+        REFERENCES clients(id)
+        ON DELETE NO ACTION;
diff --git a/migrations/2023-10-26-0942_session_delete_cascade/up.sql b/migrations/2023-10-26-0942_session_delete_cascade/up.sql
new file mode 100644
index 0000000..eda6e0b
--- /dev/null
+++ b/migrations/2023-10-26-0942_session_delete_cascade/up.sql
@@ -0,0 +1,8 @@
+-- Your SQL goes here
+
+ALTER TABLE sessions
+    DROP CONSTRAINT sessions_client_id_fkey,
+    ADD CONSTRAINT sessions_client_id_fkey
+        FOREIGN KEY (client_id)
+        REFERENCES clients(id)
+        ON DELETE CASCADE;
diff --git a/tests/clients.rs b/tests/clients.rs
index acccfa9..16b95b9 100644
--- a/tests/clients.rs
+++ b/tests/clients.rs
@@ -9,8 +9,9 @@ use rocket::http::Status;
 
 mod common;
 
-use crate::common::url;
+use crate::common::{config, url};
 use zauth::models::client::{Client, NewClient};
+use zauth::models::session::Session;
 
 #[rocket::async_test]
 async fn create_and_update_client() {
@@ -100,3 +101,42 @@ async fn change_client_secret() {
 	})
 	.await;
 }
+
+#[rocket::async_test]
+async fn delete_client_with_session() {
+	common::as_admin(async move |http_client, db, user| {
+		let client_name = "test";
+
+		let client_form = format!("name={}", url(&client_name),);
+
+		let create = http_client
+			.post("/clients")
+			.body(client_form)
+			.header(ContentType::Form)
+			.header(Accept::JSON)
+			.dispatch()
+			.await;
+
+		assert_eq!(create.status(), Status::Created);
+		let client = Client::find_by_name(client_name.to_owned(), &db)
+			.await
+			.unwrap();
+
+		let session =
+			Session::create_client_session(&user, &client, &config(), &db)
+				.await
+				.unwrap();
+
+		let delete = http_client
+			.delete(format!("/clients/{}", &client.id))
+			.header(ContentType::Form)
+			.header(Accept::JSON)
+			.dispatch()
+			.await;
+
+		assert_eq!(delete.status(), Status::NoContent);
+		assert!(Client::find(client.id, &db).await.is_err());
+		assert!(Session::find_by_id(session.id, &db).await.is_err());
+	})
+	.await;
+}