diff --git a/services/web/app/coffee/Features/Authentication/AuthenticationController.coffee b/services/web/app/coffee/Features/Authentication/AuthenticationController.coffee
index 5b934e4f25..c992fec578 100644
--- a/services/web/app/coffee/Features/Authentication/AuthenticationController.coffee
+++ b/services/web/app/coffee/Features/Authentication/AuthenticationController.coffee
@@ -154,6 +154,7 @@ module.exports = AuthenticationController =
 # Regenerate the session to get a new sessionID (cookie value) to
 # protect against session fixation attacks
 oldSession = req.session
+ req.session.destroy()
 req.sessionStore.generate(req)
 for key, value of oldSession
 req.session[key] = value
diff --git a/services/web/test/UnitTests/coffee/Authentication/AuthenticationControllerTests.coffee b/services/web/test/UnitTests/coffee/Authentication/AuthenticationControllerTests.coffee
index 485aeba475..10d0e87b12 100644
--- a/services/web/test/UnitTests/coffee/Authentication/AuthenticationControllerTests.coffee
+++ b/services/web/test/UnitTests/coffee/Authentication/AuthenticationControllerTests.coffee
@@ -423,6 +423,7 @@ describe "AuthenticationController", ->
 beforeEach ->
 @req.session =
 save: sinon.stub().callsArg(0)
+ destroy : sinon.stub()
 @req.sessionStore =
 generate: sinon.stub()
 @AuthenticationController.establishUserSession @req, @user, @callback
@@ -435,6 +436,9 @@ describe "AuthenticationController", ->
 @req.session.user.referal_id.should.equal @user.referal_id
 @req.session.user.isAdmin.should.equal @user.isAdmin
 
+ it "should destroy the session", ->
+ @req.session.destroy.called.should.equal true
+
 it "should regenerate the session to protect against session fixation", ->
 @req.sessionStore.generate.calledWith(@req).should.equal true
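Review bot: The added `req.session.destroy()` is called without a callback, so any failure to remove the old session from the store is never observed, and the old session ID may remain valid in the store after the new one has been issued, which leaves the fixation protection described in the comment best-effort rather than guaranteed. If this is express-session's `Session#destroy`, which accepts an optional callback that receives the store error, the call should become `req.session.destroy (err) ->` with `err` logged or passed to the caller, and `sessionStore.generate(req)` plus the key-copy loop moved inside that callback so the new session is only established once the old one is gone; I am inferring the session implementation from the `sessionStore.generate` call, so confirm against the middleware in use. A callback-based version also requires the unit test's `destroy` stub to invoke its callback (`sinon.stub().callsArg(0)`, as the existing `save` stub does). `establishUserSession` begins and continues outside this hunk, so the statements that follow the copy loop would need to move into the callback as well.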
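Review bot: The new test in the last hunk only asserts that `destroy` was called, not that it ran before `sessionStore.generate`; with plain stubs the test would still pass if the two calls were swapped in the controller, even though that order would destroy the freshly generated session instead of the old one. Pin the order with `@req.session.destroy.calledBefore(@req.sessionStore.generate).should.equal true` (or `sinon.assert.callOrder @req.session.destroy, @req.sessionStore.generate`). The `destroy : sinon.stub()` added in the `beforeEach` hunk never invokes a callback, so if the controller is later changed to continue in a destroy callback, it should be defined as `destroy: sinon.stub().callsArg(0)` to match the `save` stub beside it.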