diff --git a/api/api.inc.php b/api/api.inc.php
index fac03bccd1d848308809e78343838d5401325771..d1440c8b3a7e3c447dc6ab30cc0b6e31ade86c87 100644
--- a/api/api.inc.php
+++ b/api/api.inc.php
@@ -17,7 +17,8 @@ file_exists('../main.inc.php') or die('System Error');
 
 // Disable sessions for the API. API should be considered stateless and
 // shouldn't chew up database records to store sessions
-define('DISABLE_SESSION', true);
+if (!defined('DISABLE_SESSION'))
+    define('DISABLE_SESSION', true);
 
 require_once('../main.inc.php');
 require_once(INCLUDE_DIR.'class.http.php');
diff --git a/api/http.php b/api/http.php
index 2efd1a98c271d103987ffd2eda667e738e5812cd..3f8f721ec6f7b2af531b7d577858d18ce90a0890 100644
--- a/api/http.php
+++ b/api/http.php
@@ -13,6 +13,10 @@
 
     vim: expandtab sw=4 ts=4 sts=4:
 **********************************************************************/
+// Use sessions — it's important for SSO authentication, which uses
+// /api/auth/ext
+define('DISABLE_SESSION', false);
+
 require 'api.inc.php';
 
 # Include the main api urls