diff --git a/cps/MyLoginManager.py b/cps/MyLoginManager.py
new file mode 100644
index 00000000..7c916bd5
--- /dev/null
+++ b/cps/MyLoginManager.py
@@ -0,0 +1,34 @@
+# -*- coding: utf-8 -*-
+
+# This file is part of the Calibre-Web (https://github.com/janeczku/calibre-web)
+# Copyright (C) 2018-2019 OzzieIsaacs, cervinko, jkrehm, bodybybuddha, ok11,
+# andy29485, idalin, Kyosfonica, wuqi, Kennyl, lemmsh,
+# falgh1, grunjol, csitko, ytils, xybydy, trasba, vrabe,
+# ruben-herold, marblepebble, JackED42, SiphonSquirrel,
+# apetresc, nanu-c, mutschler, GammaC0de, vuolter
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+
+from flask_login import LoginManager
+from flask import session
+
+
+class MyLoginManager(LoginManager):
+    def _session_protection_failed(self):
+        sess = session._get_current_object()
+        ident = self._session_identifier_generator()
+        if(sess and not (len(sess) == 1 and sess.get('csrf_token', None))) and ident != sess.get('_id', None):
+            return super(). _session_protection_failed()
+        return False
diff --git a/cps/__init__.py b/cps/__init__.py
index f38ce0d2..a6305f0a 100644
--- a/cps/__init__.py
+++ b/cps/__init__.py
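Review bot: `MyLoginManager._session_protection_failed` narrows flask-login's session protection without recording why: a session whose only key is `csrf_token` is treated like an empty session and the method returns `False` before the parent runs, so whatever the parent would do for that request (in flask-login's strong mode, as far as I recall, clearing the session and flagging the remember cookie for removal) is skipped. That is a security-relevant decision and deserves a docstring stating the intent — presumably that a fresh session holding nothing but the CSRF token carries no login state and must not trip strong protection — and naming that assumption so a later change that stores other data in the session re-examines it. The override also depends on private flask-login internals (`session._get_current_object()`, `self._session_identifier_generator`, the parent `_session_protection_failed`), so a comment pinning the flask-login version this was written against would help whoever upgrades the dependency. On style, `if(sess and ...)` reads like a call and `super(). _session_protection_failed()` has a stray space; `if sess and not (len(sess) == 1 and sess.get('csrf_token')) and ident != sess.get('_id'):` and `return super()._session_protection_failed()` behave identically and read as intended.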
@@ -28,7 +28,7 @@ from babel import Locale as LC from babel import negotiate_locale from babel.core import UnknownLocaleError from flask import Flask, request, g -from flask_login import LoginManager +from .MyLoginManager import MyLoginManager from flask_babel import Babel from flask_principal import Principal @@ -75,7 +75,7 @@ app.config.update( ) -lm = LoginManager() +lm = MyLoginManager() lm.login_view = 'web.login' lm.anonymous_user = ub.Anonymous lm.session_protection = 'strong'
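Review bot: The new `from .MyLoginManager import MyLoginManager` sits in the middle of the third-party import group, between the `flask` and `flask_babel` imports, where the removed `flask_login` line was. Convention keeps package-local relative imports in their own group after the third-party ones, so moving it next to the file's other `from . import ...` lines (outside this hunk) keeps the grouping readable. The second hunk, `lm = MyLoginManager()`, is a straight substitution and needs nothing further.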