diff --git a/include/class.client.php b/include/class.client.php
index 087215ce7919e45331e5f6f813a7a56bd8e24156..a650adbbe68140c3a0f8d807f46df2a9d7771460 100644
--- a/include/class.client.php
+++ b/include/class.client.php
@@ -185,7 +185,7 @@ class Client {
                 $_SESSION['_client']['token'] = $user->getSessionToken();
                 $_SESSION['TZ_OFFSET'] = $cfg->getTZoffset();
                 $_SESSION['TZ_DST'] = $cfg->observeDaylightSaving();
-                
+                $user->refreshSession(); //set the hash.
                 //Log login info...
                 $msg=sprintf('%s/%s logged in [%s]', $ticket->getEmail(), $ticket->getExtId(), $_SERVER['REMOTE_ADDR']);
                 $ost->logDebug('User login', $msg);
@@ -193,11 +193,9 @@ class Client {
                 //Regenerate session ID.
                 $sid=session_id(); //Current session id.
                 session_regenerate_id(TRUE); //get new ID.
-                if(($session=$ost->getSession()) && is_object($session) && $sid)
+                if(($session=$ost->getSession()) && is_object($session) && $sid!=session_id())
                     $session->destroy($sid);
 
-                session_write_close();
-
                 return $user;
 
             } 
diff --git a/include/class.staff.php b/include/class.staff.php
index 89fdda1b362d9c82125f411d9231aca12216d5fe..9c6078c7f148e3a01612c05cac9c796422871269 100644
--- a/include/class.staff.php
+++ b/include/class.staff.php
@@ -601,10 +601,8 @@ class Staff {
             $sid=session_id(); //Current id
             session_regenerate_id(TRUE);
             //Destroy old session ID - needed for PHP version < 5.1.0 TODO: remove when we move to php 5.3 as min. requirement.
-            if(($session=$ost->getSession()) && is_object($session) && $sid)
+            if(($session=$ost->getSession()) && is_object($session) && $sid!=session_id())
                 $session->destroy($sid);
-
-            session_write_close();
         
             return $user;
         }