diff --git a/includes/Classes/Auth.php b/includes/Classes/Auth.php
index 12b09878..a728e28a 100644
--- a/includes/Classes/Auth.php
+++ b/includes/Classes/Auth.php
@@ -49,6 +49,8 @@ private function login($user)
 else {
 $_SESSION['access'] = 'admin';
 }
+
+ session_regenerate_id(true);
 }
 public function authenticate($username, $password)
@@ -399,6 +401,7 @@ public function logout($error_code = null)
 header("Cache-control: private");
 $_SESSION = array();
 session_destroy();
+ session_regenerate_id(true);
 global $hybridauth;
 if (!empty($hybridauth)) {
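Review bot: The return value of `session_regenerate_id(true)` at the end of login() is ignored, so if regeneration fails (no active session, or headers already sent) the user stays on the pre-authentication session ID and the fixation fix silently does not apply. Consider checking it, e.g. `if (!session_regenerate_id(true)) { /* abort the login and clear $_SESSION */ }`; how the failure should be reported depends on login()'s callers, which are not visible here. A one-line comment such as `// New session ID on privilege change, to prevent session fixation` would record why the call is there. login()'s body starts above the hunk.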
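Review bot: In logout(), the added `session_regenerate_id(true);` runs after `session_destroy();`, when no session is active, so it returns false (and on current PHP versions raises a warning) without issuing a new ID. If the code after it needs a fresh session, restart one first: `session_start();` then `session_regenerate_id(true);`. Otherwise drop the call and make sure the session cookie is expired on the client. The hunk does not show the cookie being cleared, though that may happen elsewhere in logout(), whose body extends beyond the hunk on both sides.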