diff --git a/include/class.client.php b/include/class.client.php
index b5d062c95708e8a715dd8a5bc6a3614031f66e14..078b21bfdcc78811263e2ce28b59dac4a61a469a 100644
--- a/include/class.client.php
+++ b/include/class.client.php
@@ -209,7 +209,7 @@ class Client {
                 $_SESSION['_client']['token'] = $user->getSessionToken();
                 $_SESSION['TZ_OFFSET'] = $cfg->getTZoffset();
                 $_SESSION['TZ_DST'] = $cfg->observeDaylightSaving();
-                $user->refreshSession(); //set the hash.
+                $user->refreshSession(true); //set the hash.
                 //Log login info...
                 $msg=sprintf('%s/%s logged in [%s]', $ticket->getEmail(), $ticket->getExtId(), $_SERVER['REMOTE_ADDR']);
                 $ost->logDebug('User login', $msg);
diff --git a/include/class.staff.php b/include/class.staff.php
index 391e0fa03be29eba337b28632b2717770d147337..34a35e00853f54770fbc58c166460a48f171d6c9 100644
--- a/include/class.staff.php
+++ b/include/class.staff.php
@@ -660,7 +660,7 @@ class Staff {
         //Now set session crap and lets roll baby!
         $_SESSION['_staff'] = array(); //clear.
         $_SESSION['_staff']['userID'] = $user->getId();
-        $user->refreshSession(); //set the hash.
+        $user->refreshSession(true); //set the hash.
         $_SESSION['TZ_OFFSET'] = $user->getTZoffset();
         $_SESSION['TZ_DST'] = $user->observeDaylight();
 
diff --git a/include/class.usersession.php b/include/class.usersession.php
index d65a64719a0b43702ca74f4fd1ac7d6e3156b20d..85aa876eb36e957d116c4b7bea3e10f345cd3096 100644
--- a/include/class.usersession.php
+++ b/include/class.usersession.php
@@ -129,10 +129,10 @@ class ClientSession extends Client {
         return $this->session->isvalidSession($_SESSION['_client']['token'],$cfg->getClientTimeout(),false)?true:false;
     }
 
-    function refreshSession(){
+    function refreshSession($force=false){
         $time = $this->session->getLastUpdate($_SESSION['_client']['token']);
         // Deadband session token updates to once / 30-seconds
-        if (time() - $time < 30)
+        if (!$force && time() - $time < 30)
             return;
         $_SESSION['_client']['token']=$this->getSessionToken();
         //TODO: separate expire time from hash??
@@ -170,10 +170,10 @@ class StaffSession extends Staff {
         return $this->session->isvalidSession($_SESSION['_staff']['token'],$cfg->getStaffTimeout(),$cfg->enableStaffIPBinding())?true:false;
     }
 
-    function refreshSession(){
+    function refreshSession($force=false){
         $time = $this->session->getLastUpdate($_SESSION['_staff']['token']);
         // Deadband session token updates to once / 30-seconds
-        if (time() - $time < 30)
+        if (!$force && time() - $time < 30)
             return;
 
         $_SESSION['_staff']['token']=$this->getSessionToken();