diff --git a/include/class.ostsession.php b/include/class.ostsession.php
index dbb5cf6312551abc4e24e4eb905eca53e0a74188..5e9fba886b28ce393fed1dc42ca526e242bc30b2 100644
--- a/include/class.ostsession.php
+++ b/include/class.ostsession.php
@@ -178,10 +178,15 @@ extends SessionBackend {
 
     function read($id) {
         try {
-            $this->data = SessionData::objects()->filter([
-                'session_id' => $id,
-                'session_expire__gt' => SqlFunction::NOW(),
-            ])->one();
+            $this->data = SessionData::objects()
+                ->filter(['session_id' => $id])
+                ->annotate(['age' => SqlFunction::NOW()->minus(new SqlField('session_expire'))])
+                ->one();
+            if ($this->data->age > 0) {
+                // session_expire is in the past. Pretend it is expired and
+                // reset the data. This will assist with CSRF issues
+                $this->data->session_data='';
+            }
             $this->id = $id;
         }
         catch (DoesNotExist $e) {