diff --git a/ajax/ajax_categorymgmt.php b/ajax/ajax_categorymgmt.php
index 9812df1c..e94796c0 100644
--- a/ajax/ajax_categorymgmt.php
+++ b/ajax/ajax_categorymgmt.php
@@ -32,6 +32,10 @@ if ( ! SP_Init::isLoggedIn() ) {
     SP_Common::printXML(_('La sesión no se ha iniciado o ha caducado'),10);
 }
 
+if (!isset($_POST["sk"]) || !SP_Common::checkSessionKey($_POST["sk"])) {
+    SP_Common::printXML(_('CONSULTA INVÁLIDA'));
+}
+
 SP_Users::checkUserAccess('config') || SP_Html::showCommonError('unavailable');
 
 $intCategoryFunction = ( isset($_POST["categoryFunction"]) ) ? (int) $_POST["categoryFunction"] : 0;
diff --git a/ajax/ajax_getFiles.php b/ajax/ajax_getFiles.php
index 00c953b0..da658a60 100644
--- a/ajax/ajax_getFiles.php
+++ b/ajax/ajax_getFiles.php
@@ -41,11 +41,16 @@ if ( SP_Config::getValue('filesenabled') == 0 ){
 
 $accountId = ( isset($_GET['id']) ) ? (int)$_GET['id'] : 0 ;
 $deleteEnabled = ( isset($_GET['del']) ) ? (int)$_GET['del'] : 0 ;
+$skey = ( isset($_GET['sk']) ) ? SP_Html::sanitize($_GET['sk']) : NULL;
+
+if ( is_null($skey) ) {
+    return _('CONSULTA INVÁLIDA');
+}
 
 $files = SP_Files::getFileList($accountId, $deleteEnabled);
 
 if ( ! is_array($files) || count($files) === 0 ){
-	return;
+    return;
 }
 ?>
 
@@ -55,7 +60,6 @@ if ( ! is_array($files) || count($files) === 0 ){
     <option value='<? echo $file['id']; ?>'><? echo $file['name'] ?> (<? echo $file['size']; ?> KB)</option>
     <? endforeach;?>
     </select>
-	<input type="hidden" name="sk" value="<? echo SP_Common::getSessionKey(TRUE); ?>">
     <input name="action" type="hidden" id="action" value="download">
 </form>
 <div class="actionFiles">
diff --git a/inc/tpl/accounts.php b/inc/tpl/accounts.php
index 851e3ebc..b3cdce3f 100644
--- a/inc/tpl/accounts.php
+++ b/inc/tpl/accounts.php
@@ -135,7 +135,7 @@ $showEditPass = ($action == "accedit"
                 && ! $account->accountIsHistory);
 $showDelete = ($action == "accdelete" && $account->checkAccountAccess("accdelete")  && SP_Users::checkUserAccess("accdelete"));
 $filesDelete = ( $action == 'accedit' ) ? 1 : 0;
-$skey = SP_Common::getSessionKey();
+$skey = SP_Common::getSessionKey(TRUE);
 ?>
 
 <div id="title" class="midroundup <? echo $title['class']; ?>"><? echo $title['name']; ?></div>
@@ -405,7 +405,7 @@ $skey = SP_Common::getSessionKey();
             
             <? if ( $showDelete ): ?>
             <li>
-                <img src="imgs/delete.png" title="<? echo _('Eliminar Cuenta'); ?>" class="inputImg" OnClick="delAccount(<? echo $account->accountId; ?>,3,'<? echo SP_Common::getSessionKey(TRUE); ?>');" />
+                <img src="imgs/delete.png" title="<? echo _('Eliminar Cuenta'); ?>" class="inputImg" OnClick="delAccount(<? echo $account->accountId; ?>,3,'<? echo $skey; ?>');" />
             </li>
             <? endif; ?>
         </ul>
diff --git a/inc/tpl/categories.php b/inc/tpl/categories.php
index fdbaf6b4..9f3d6292 100644
--- a/inc/tpl/categories.php
+++ b/inc/tpl/categories.php
@@ -50,6 +50,7 @@ $categoriesSelProp2 = array ( "name" => "categoryId",
                         "js" => "",
                         "attribs" => "");
 
+$skey = SP_Common::getSessionKey(TRUE);
 ?>
 <table class="data tblConfig round">
     
@@ -63,7 +64,7 @@ $categoriesSelProp2 = array ( "name" => "categoryId",
                     <input type="image" src="imgs/add.png" title="<? echo _('Nueva categoría'); ?>" class="inputImg" id="btnAdd" />
 					<input type="hidden" name="active" value="<? echo $activeTab ?>" />
                     <input type="hidden" name="categoryFunction" value="1">
-                    <input type="hidden" name="sk" value="<? echo SP_Common::getSessionKey(TRUE); ?>">
+                    <input type="hidden" name="sk" value="<? echo $skey; ?>">
                 </form>
             </td>
         </tr>
@@ -79,7 +80,7 @@ $categoriesSelProp2 = array ( "name" => "categoryId",
 				<input type="hidden" name="active" value="<? echo $activeTab ?>" />
                 <input type="text" name="categoryNameNew" maxlength="50" >
                 <input type="hidden" name="categoryFunction" value="2">
-                <input type="hidden" name="sk" value="'.SP_Common::getSessionKey(TRUE).'">
+                <input type="hidden" name="sk" value="<? echo $skey; ?>">
                 <input type="image" src="imgs/save.png" title="<? echo _('Guardar'); ?>" class="inputImg" id="btnGuardar" />
             </form>
         </td>
@@ -93,7 +94,7 @@ $categoriesSelProp2 = array ( "name" => "categoryId",
                 <? SP_Html::printSelect(SP_Category::getCategories(), $categoriesSelProp2); ?>
 				<input type="hidden" name="active" value="<? echo $activeTab ?>" />
                 <input type="hidden" name="categoryFunction" value="3">
-                <input type="hidden" name="sk" value="'.SP_Common::getSessionKey(TRUE).'">
+                <input type="hidden" name="sk" value="<? echo $skey; ?>">
                 <input type="image" src="imgs/delete.png" title="<? echo _('Borrar categoría'); ?>" class="inputImg" />
             </form>
         </td>
@@ -109,4 +110,4 @@ $categoriesSelProp2 = array ( "name" => "categoryId",
         placeholder_text_single: "<? echo _('Seleccionar Categoría'); ?>", 
         disable_search_threshold: 10,
         no_results_text: "<? echo _('Sin resultados'); ?>"});
-</script>
+</script>
\ No newline at end of file
diff --git a/inc/tpl/groups.php b/inc/tpl/groups.php
index bed1c44a..7fef7703 100644
--- a/inc/tpl/groups.php
+++ b/inc/tpl/groups.php
@@ -53,7 +53,7 @@ $activeTab = $data['active'];
         <input type="hidden" name="id" value="<? echo $group["usergroup_id"]; ?>" />
         <input type="hidden" name="action" value="<? echo $group["action"] ?>" />
         <input type="hidden" name="type" value="<?php echo $data['itemtype']; ?>" />
-        <input type="hidden" name="sk" value="<? echo SP_Common::getSessionKey() ?>">
+        <input type="hidden" name="sk" value="<? echo SP_Common::getSessionKey(TRUE) ?>">
         <input type="hidden" name="is_ajax" value="1">
     </form>
     <div id="resCheck"><span id="resFancyAccion"></span></div>
diff --git a/inc/tpl/profiles.php b/inc/tpl/profiles.php
index 96a77797..29116cb1 100644
--- a/inc/tpl/profiles.php
+++ b/inc/tpl/profiles.php
@@ -113,7 +113,7 @@ $activeTab = $data['active'];
         <input type="hidden" name="id" value="<? echo $profile['userprofile_id']; ?>" />
         <input type="hidden" name="action" value="<? echo $profile["action"] ?>" />
         <input type="hidden" name="type" value="<?php echo $data['itemtype']; ?>" />
-        <input type="hidden" name="sk" value="<? echo SP_Common::getSessionKey() ?>">
+        <input type="hidden" name="sk" value="<? echo SP_Common::getSessionKey(TRUE) ?>">
         <input type="hidden" name="is_ajax" value="1">
         <script>
             $(function() { 
diff --git a/inc/tpl/users.php b/inc/tpl/users.php
index be2f482a..8a7a93f9 100644
--- a/inc/tpl/users.php
+++ b/inc/tpl/users.php
@@ -147,7 +147,7 @@ $ro = ( $user['checks']['user_isLdap'] ) ? "READONLY" : "";
         <input type="hidden" name="id" value="<? echo $user['user_id']; ?>" />
         <input type="hidden" name="action" value="<? echo $user['action']; ?>" />
         <input type="hidden" name="type" value="<?php echo $data['itemtype']; ?>" />
-        <input type="hidden" name="sk" value="<? echo SP_Common::getSessionKey() ?>">
+        <input type="hidden" name="sk" value="<? echo SP_Common::getSessionKey(TRUE) ?>">
         <input type="hidden" name="is_ajax" value="1">
     </form>
     <div id="resCheck"><span id="resFancyAccion"></span></div>