diff --git a/include/class.auth.php b/include/class.auth.php
index a7dbfecbdcb294451544c0716623f07fb1f0f086..a4f32d86bfc3ed88e9fd100a2309cbd58a172a41 100644
--- a/include/class.auth.php
+++ b/include/class.auth.php
@@ -315,7 +315,7 @@ abstract class StaffAuthenticationBackend  extends AuthenticationBackend {
         $authsession['key'] =  $authkey;
 
         $staff->setAuthKey($authkey);
-        $staff->refreshSession(); //set the hash.
+        $staff->refreshSession(true); //set the hash.
 
         $_SESSION['TZ_OFFSET'] = $staff->getTZoffset();
         $_SESSION['TZ_DST'] = $staff->observeDaylight();
@@ -439,7 +439,7 @@ abstract class UserAuthenticationBackend  extends AuthenticationBackend {
         // XXX: encrypt to hide the bk??
         $user->setAuthKey($authkey);
 
-        $user->refreshSession(); //set the hash.
+        $user->refreshSession(true); //set the hash.
 
         //Log login info...
         $msg=sprintf('%s (%s) logged in [%s]',
diff --git a/include/class.usersession.php b/include/class.usersession.php
index 9244009ab82496aca5d3115376630cadd329553b..31c4ce058d50939e10dabda80fe736ab3095c83f 100644
--- a/include/class.usersession.php
+++ b/include/class.usersession.php
@@ -133,7 +133,6 @@ class ClientSession extends EndUser {
     }
 
     function refreshSession($force=false){
-
         $time = $this->session->getLastUpdate($this->token);
         // Deadband session token updates to once / 30-seconds
         if (!$force && time() - $time < 30)