diff --git a/html/includes/authenticate.inc.php b/html/includes/authenticate.inc.php
index b18b8c7c42..0149bbe589 100644
--- a/html/includes/authenticate.inc.php
+++ b/html/includes/authenticate.inc.php
@@ -58,7 +58,7 @@ if (file_exists('includes/authentication/'.$config['auth_mechanism'].'.inc.php')
 $auth_success = 0;
 if ((isset($_SESSION['username'])) || (isset($_COOKIE['sess_id'],$_COOKIE['token']))) {
- if (reauthenticate(clean($_COOKIE['sess_id']), clean($_COOKIE['token'])) || authenticate($_SESSION['username'], $_SESSION['password'])) {
+ if (reauthenticate($_COOKIE['sess_id'], $_COOKIE['token']) || authenticate($_SESSION['username'], $_SESSION['password'])) {
 $_SESSION['userlevel'] = get_userlevel($_SESSION['username']);
 $_SESSION['user_id'] = get_userid($_SESSION['username']);
 if (!$_SESSION['authenticated']) {
diff --git a/html/includes/authentication/mysql.inc.php b/html/includes/authentication/mysql.inc.php
index e94bccc646..3866e367e8 100644
--- a/html/includes/authentication/mysql.inc.php
+++ b/html/includes/authentication/mysql.inc.php
@@ -35,6 +35,8 @@ function authenticate($username, $password)
 function reauthenticate($sess_id, $token)
 {
+ $sess_id = clean($sess_id);
+ $token = clean($token);
 list($uname,$hash) = explode('|', $token);
 $session = dbFetchRow("SELECT * FROM `session` WHERE `session_username` = '$uname' AND session_value='$sess_id'", array(), true);
 $hasher = new PasswordHash(8, false);
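Review bot: The new `+` line still calls reauthenticate() with `$_COOKIE['sess_id']` and `$_COOKIE['token']` unconditionally, but the enclosing `if` is satisfied by `isset($_SESSION['username'])` alone, so a session-only request passes undefined cookie indexes (null, with a notice) into reauthenticate and from there into its lookup before authenticate() is ever tried. Guard the cookie branch so reauthenticate only runs when both cookies exist: `if ((isset($_COOKIE['sess_id'], $_COOKIE['token']) && reauthenticate($_COOKIE['sess_id'], $_COOKIE['token'])) || authenticate($_SESSION['username'], $_SESSION['password'])) {`. The same line also re-runs authenticate() with `$_SESSION['password']` on every request, which implies the credential is held in the session store; that is outside this commit's scope but worth a follow-up issue. The `if` block and the surrounding file continue outside the hunk.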
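Review bot: Moving clean() into reauthenticate() does not change that `$uname` and `$sess_id` are still interpolated straight into the SQL string on the dbFetchRow line, and since `$uname` comes from splitting the cookie-supplied `$token`, the query is built from cookie data with only clean() in between; dbFetchRow already accepts a parameter array (passed as `array()` here), so bind the values instead: `$session = dbFetchRow("SELECT * FROM session WHERE session_username = ? AND session_value = ?", array($uname, $sess_id), true);`. That dbFetchRow uses `?` placeholders is inferred from its signature, so confirm against the db helper. The `list($uname,$hash) = explode('|', $token);` line also assumes the token contains a `|`; a token without one leaves `$hash` undefined, so return false early when `count(explode('|', $token, 2)) !== 2`. reauthenticate's body continues past the end of the hunk.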