diff --git a/html/includes/authenticate.inc.php b/html/includes/authenticate.inc.php
index 9f3b255dc8..e3fd31c016 100644
--- a/html/includes/authenticate.inc.php
+++ b/html/includes/authenticate.inc.php
@@ -7,7 +7,7 @@ ini_set('session.cookie_httponly', 1);
 ini_set('session.use_strict_mode', 1); // php >= 5.5.2
 ini_set('session.use_trans_sid', 0); // insecure feature, be sure it is disabled
-// Preflight checks
+// Pre-flight checks
 if (!is_dir($config['rrd_dir'])) {
 echo "
RRD Log Directory is missing ({$config['rrd_dir']}). Graphing may fail.
";
 }
@@ -87,4 +87,10 @@ try {
 }
 session_write_close();
+
+// populate the permissions cache
+if (isset($_SESSION['user_id'])) {
+ $permissions = permissions_cache($_SESSION['user_id']);
+}
+
 unset($username, $password);
diff --git a/html/includes/authentication/functions.php b/html/includes/authentication/functions.php
index c263d6a99a..63e18b5b5b 100644
--- a/html/includes/authentication/functions.php
+++ b/html/includes/authentication/functions.php
@@ -56,7 +56,7 @@ function log_out_user($message = 'Logged Out')
 */
 function log_in_user()
 {
- global $config, $permissions;
+ global $config;
 // set up variables, but don't override existing ones (ad anonymous bind can only get user_id at login)
 if (!isset($_SESSION['userlevel'])) {
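Review bot: In `html/includes/authenticate.inc.php` the new block builds `$permissions` for any session that carries `user_id`, which is a weaker condition than the one the old call site in `log_in_user()` sat behind (it ran only after the two-factor branch had succeeded). If `user_id` can be present while two-factor is still pending, or after the `try` block above has caught an `AuthenticationException` (the catch body is outside the hunk, so this is not certain), the cache would be populated for a session that is not yet authenticated. Guarding on the flag as well, `if (!empty($_SESSION['authenticated']) && isset($_SESSION['user_id'])) {`, keeps the earlier guarantee.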
@@ -72,22 +72,22 @@ function log_in_user()
 throw new AuthenticationException('Invalid Credentials');
 }
- // check twofactor
- if ($config['twofactor'] === true && !isset($_SESSION['twofactor'])) {
- include_once $config['install_dir'].'/html/includes/authentication/twofactor.lib.php';
- twofactor_auth();
+ if (!(isset($_SESSION['authenticated']) && $_SESSION['authenticated'])) {
+ // check twofactor
+ if ($config['twofactor'] === true && !isset($_SESSION['twofactor'])) {
+ include_once $config['install_dir'].'/html/includes/authentication/twofactor.lib.php';
+ twofactor_auth();
+ }
+
+ // if two factor isn't enabled or it has passed already ware are logged in
+ if (!$config['twofactor'] || $_SESSION['twofactor']) {
+ $_SESSION['authenticated'] = true;
+ dbInsert(array('user' => $_SESSION['username'], 'address' => get_client_ip(), 'result' => 'Logged In'), 'authlog');
+ } else {
+ throw new AuthenticationException('Two-Factor Auth Failed');
+ }
 }
- // if two factor isn't enabled or it has passed already ware are logged in
- if (!$config['twofactor'] || $_SESSION['twofactor']) {
- $_SESSION['authenticated'] = true;
- dbInsert(array('user' => $_SESSION['username'], 'address' => get_client_ip(), 'result' => 'Logged In'), 'authlog');
- } else {
- throw new AuthenticationException('Two-Factor Auth Failed');
- }
-
- // populate the permissions cache
- $permissions = permissions_cache($_SESSION['user_id']);
 return true;
 }
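Review bot: Inside the new `if (!(isset($_SESSION['authenticated']) && ...))` block the two tests of `$config['twofactor']` still disagree: the challenge is issued only for a strict `true`, while the branch below treats any truthy value as enabled and reads `$_SESSION['twofactor']` without `isset`. For a truthy non-boolean setting the challenge is never run and every login ends in 'Two-Factor Auth Failed' with an undefined-index notice; deciding once in the fail-closed direction, e.g. `$tfaRequired = !empty($config['twofactor']);`, then using `$tfaRequired && !isset($_SESSION['twofactor'])` for the challenge and `!$tfaRequired || !empty($_SESSION['twofactor'])` for the login branch keeps both paths consistent. Because `$_SESSION['authenticated']` now short-circuits every later check, a `session_regenerate_id(true);` just before the flag is set would also be worth adding, unless that already happens earlier in `log_in_user()`, whose body starts outside the hunk.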