diff --git a/files/__main__.py b/files/__main__.py
index 837ee8341..21d4e155b 100644
--- a/files/__main__.py
+++ b/files/__main__.py
@@ -108,7 +108,7 @@ def before_request():
if not request.path.startswith("/assets") and not request.path.startswith("/images") and not request.path.startswith("/hostedimages"): session.permanent = True
- if not session.get("session_id"): session["session_id"] = secrets.token_hex(50)
+ if not session.get("session_id"): session["session_id"] = secrets.token_hex(52)
if request.url.startswith("http://") and "localhost" not in app.config["SERVER_NAME"]: url = request.url.replace("http://", "https://", 1)
diff --git a/files/classes/user.py b/files/classes/user.py
index e27d7aac5..365e40118 100644
--- a/files/classes/user.py
+++ b/files/classes/user.py
@@ -300,8 +300,7 @@ class User(Base):
@lazy
def formkey(self):
- if "session_id" not in session:
- session["session_id"] = token_hex(50)
+ if "session_id" not in session: session["session_id"] = token_hex(52)
msg = f"{session['session_id']}+{self.id}+{self.login_nonce}"
diff --git a/files/helpers/wrappers.py b/files/helpers/wrappers.py
index 4207b858e..f5bbf4a0c 100644
--- a/files/helpers/wrappers.py
+++ b/files/helpers/wrappers.py
@@ -14,14 +14,13 @@ def get_logged_in_user():
v.client = client
return v
else:
- uid = session.get("user_id")
nonce = session.get("login_nonce", 0)
- logged_in = session.get("logged_in")
+ logged_in_user = session.get("logged_in_user")
- if not uid or not logged_in or uid != logged_in: return None
+ if not logged_in_user: return None
try:
- if g.db: v = g.db.query(User).filter_by(id=logged_in).one_or_none()
+ if g.db: v = g.db.query(User).filter_by(id=logged_in_user).one_or_none()
else: return None
except: return None
diff --git a/files/routes/login.py b/files/routes/login.py
index fc325327f..ef97c9d76 100644
--- a/files/routes/login.py
+++ b/files/routes/login.py
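Review bot: The session-id length is now the bare literal `52` on the added line here and again in `User.formkey` and twice in `files/routes/login.py`, so the next adjustment has to find four call sites and any drift between them silently changes the material the formkey is derived from. A single module-level `SESSION_ID_BYTES = 52` (or a small `new_session_id()` helper wrapping `secrets.token_hex`) that all four sites use would keep them aligned; on this line that reads `if not session.get("session_id"): session["session_id"] = secrets.token_hex(SESSION_ID_BYTES)`. `before_request` continues outside the hunk on both sides.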
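Review bot: The bare `except:` around the user lookup in `get_logged_in_user` swallows every failure — a missing `g.db` attribute, a database error, even `KeyboardInterrupt` — and reports the request as anonymous, so an outage presents as everyone being logged out rather than as an error. Narrow it to `except Exception: return None` and take the handle with `db = getattr(g, "db", None)` so the guard only covers the query itself. The lookup now keys on `session.get("logged_in_user")` alone and that value goes straight into `filter_by(id=...)`; a `if not isinstance(logged_in_user, int): return None` ahead of the `try` makes the expected type explicit should anything other than an int ever land in the signed session. `nonce` is read in this hunk but not compared within it; `get_logged_in_user` continues outside the hunk.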
@@ -134,9 +134,8 @@ def login_post():
else: abort(400)
- session["user_id"] = account.id
- session["logged_in"] = account.id
- session["session_id"] = token_hex(50)
+ session["logged_in_user"] = account.id
+ session["session_id"] = token_hex(52)
session["login_nonce"] = account.login_nonce
session.permanent = True
@@ -164,9 +163,8 @@ def me(v):
@validate_formkey
def logout(v):
- session.pop("user_id", None)
session.pop("session_id", None)
- session.pop("logged_in", None)
+ session.pop("logged_in_user", None)
return {"message": "Logout successful!"}
@@ -340,9 +338,8 @@ def sign_up_post(v):
if "rama" in request.host: send_notification(new_user.id, WELCOME_MSG)
- session["user_id"] = new_user.id
- session["logged_in"] = new_user.id
- session["session_id"] = token_hex(50)
+ session["logged_in_user"] = new_user.id
+ session["session_id"] = token_hex(52)
g.db.commit()
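Review bot: `logout` pops `session_id` and `logged_in_user` but leaves `login_nonce`, which `login_post` in the hunk above stores alongside them, so the signed cookie keeps the last account's nonce after logout. Authentication now keys only on `logged_in_user` (per the `files/helpers/wrappers.py` hunk), so this is stale per-account state rather than a bypass, but it should be cleared with the rest: add `session.pop("login_nonce", None)` next to the other two pops. Any decorators above `@validate_formkey` sit outside the hunk.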