diff --git a/lib/settings-common.php b/lib/settings-common.php
index d38422c..5f59217 100644
--- a/lib/settings-common.php
+++ b/lib/settings-common.php
@@ -32,8 +32,10 @@ if(!isset($_SESSION)) {
 if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
 ini_set('session.cookie_secure','1'); // Only allows access to session ID when protocol is HTTPS, switched on under 'if https' condition
 }
+ @session_start(); // Finally, start the session!
+ if (!isset($_SESSION['csrf'])){
 session_regenerate_id(true); // Create a new ID to help prevent fixation
- @session_start(); // Finally, start the session!
+ }
 }
 
 // Set the language file, if now possible
diff --git a/lib/settings.php b/lib/settings.php
index 495457a..9c206a2 100644
--- a/lib/settings.php
+++ b/lib/settings.php
@@ -106,6 +106,7 @@ if (!isset($_SESSION['username'])) {$_SESSION['username'] = false;};
 if(isset($_POST['submit']) && $setPWorLogin=="login") {
 // On success, set username if multiUser, loggedIn to true and redirect
 if (generateHash(strClean($_POST['password']),$ICEcoder["password"])==$ICEcoder["password"]) {
+ session_regenerate_id();
 if ($ICEcoder["multiUser"]) {
 $_SESSION['username'] = $_POST['username'];
 }
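Review bot: The `@` kept on the moved `session_start()` now hides the one failure that matters for the lines under it: if the start fails there is no log entry, `$_SESSION['csrf']` is never set, and `session_regenerate_id(true)` runs without an active session. Drop the suppression and check the result, e.g. `if (session_start() === false) { error_log('session_start failed'); }`, so a broken session store is visible instead of silently producing an unauthenticated request. The new guard also means the ID is regenerated, with the old session deleted, on every request until something assigns `$_SESSION['csrf']`; nothing in this hunk sets it, so if that assignment lives elsewhere a comment here naming it would help, and if it does not exist the per-request delete can drop sessions under concurrent requests. The enclosing `if(!isset($_SESSION))` block begins before this hunk.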
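Review bot: The new `session_regenerate_id();` at login does not pass `delete_old_session`, so the pre-authentication session is left in the store and its old ID keeps resolving to that data until GC; this is inconsistent with the `session_regenerate_id(true)` this same commit writes in lib/settings-common.php, and `session_regenerate_id(true);` is the form that fully closes the fixation window at the privilege change. The return value is also unchecked, and it returns false when no session is active or headers were already sent, in which case the login continues on the old ID; `if (!session_regenerate_id(true)) { error_log('session_regenerate_id failed at login'); }` makes that visible. The password check on the preceding context line still compares hashes with `==`, which is loose and not constant-time; `hash_equals()` is the usual replacement, though that line predates this commit. The enclosing login `if` block continues past the end of the hunk.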