diff --git a/controller/Session.class.php b/controller/Session.class.php
index bebd861b..229072b8 100644
--- a/controller/Session.class.php
+++ b/controller/Session.class.php
@@ -18,10 +18,15 @@ class Session
     public static function init()
     {
-        session_start([
-            'cookie_secure' => IS_PRODUCTION, // cookie over ssl only
-            'cookie_httponly' => true, // no js access
-        ]);
+        ini_set('session.cookie_secure', IS_PRODUCTION); // send cookie over ssl only
+        ini_set('session.cookie_httponly', true); // no js access to cookies
+        session_start();
+
+        if (!static::get('secure_and_httponly_set'))
+        {
+            session_regenerate_id(); // ensure that old cookies get new settings
+        }
+        static::set('secure_and_httponly_set', true);
     }
     public static function get($key, $default = null)
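Review bot: `session_regenerate_id()` in the new `init()` body is called without `delete_old_session`, so the session data remains reachable under the old id — the one that was issued without Secure/HttpOnly — until garbage collection runs; since the whole point of the regeneration is to retire that cookie, it should be `session_regenerate_id(true);`. The two `ini_set` return values are also unchecked: if either call fails, `session_start()` still runs with the previous cookie settings, yet `static::set('secure_and_httponly_set', true)` records the guard as satisfied, so a check for `=== false` before starting the session would keep the flag honest. If the PHP version in use supports it, `session.cookie_samesite` belongs beside the two settings here. `init()` is fully inside the hunk; `get()` begins on the hunk's last line and continues outside it.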