diff --git a/openvidu-server/src/main/java/io/openvidu/server/rest/SessionRestController.java b/openvidu-server/src/main/java/io/openvidu/server/rest/SessionRestController.java
index 8e77aaa6..48a79e15 100644
--- a/openvidu-server/src/main/java/io/openvidu/server/rest/SessionRestController.java
+++ b/openvidu-server/src/main/java/io/openvidu/server/rest/SessionRestController.java
@@ -140,6 +140,11 @@ public class SessionRestController {
 builder = builder.mediaMode(MediaMode.ROUTED);
 }
 if (customSessionId != null && !customSessionId.isEmpty()) {
+ if (!sessionManager.formatChecker.isValidCustomSessionId(customSessionId)) {
+ return this.generateErrorResponse(
+ "Parameter \"customSessionId\" is wrong. Must be an alphanumeric string",
+ "/api/sessions", HttpStatus.BAD_REQUEST);
+ }
 builder = builder.customSessionId(customSessionId);
 }
 builder = builder.defaultCustomLayout((defaultCustomLayout != null) ? defaultCustomLayout : "");
diff --git a/openvidu-server/src/main/java/io/openvidu/server/utils/FormatChecker.java b/openvidu-server/src/main/java/io/openvidu/server/utils/FormatChecker.java
index e809863a..72806c2a 100644
--- a/openvidu-server/src/main/java/io/openvidu/server/utils/FormatChecker.java
+++ b/openvidu-server/src/main/java/io/openvidu/server/utils/FormatChecker.java
@@ -24,9 +24,14 @@ public class FormatChecker {
 // with 0 and 3 digits long or 4 digits long if they start with 1
 return stringResolution.matches("^(?!(0))(([0-9]{3})|1([0-9]{3}))x(?!0)(([0-9]{3})|1([0-9]{3}))$");
 }
-
+
 public boolean isServerMetadataFormatCorrect(String metadata) {
 return true;
 }
 
+ public boolean isValidCustomSessionId(String customSessionId) {
+ // Alphanumeric string
+ return customSessionId.matches("[a-zA-Z0-9]+");
+ }
+
 }
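Review bot: The new guard in the `customSessionId` branch of SessionRestController carries no comment saying why the id is restricted, and it is enforced only in this handler; whether a session id can reach the server through any other entry point is not visible in this hunk and is worth confirming. A one-line comment such as `// Reject ids outside [a-zA-Z0-9]+ before they are used as a session identifier` would record the intent for the next maintainer. The check also reaches through the `sessionManager.formatChecker` field; if `SessionManager` offers an accessor, calling that would keep the controller off another class's internals. The enclosing method starts and ends outside the hunk.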
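Review bot: `isValidCustomSessionId` in FormatChecker puts no upper bound on the id length and dereferences its argument without a null check, so a caller-supplied id of any size passes and a null argument throws instead of returning false. The one caller in this commit null-checks first, but the method is public; `return customSessionId != null && customSessionId.matches("[a-zA-Z0-9]{1,64}");` would cover both, with 64 as an illustrative limit to be set by the project. `String.matches` also recompiles the pattern on every call, so a `private static final Pattern` field would be the more usual form. The comment `// Alphanumeric string` could say that only ASCII letters and digits are accepted. The FormatChecker class starts outside the hunk.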