diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c
index 7213eb3..3e73c7a 100644
--- a/modules/session/mod_session.c
+++ b/modules/session/mod_session.c
@@ -126,15 +126,9 @@ static apr_status_t ap_session_load(request_rec * r, session_rec ** z)
/* found a session that hasn't expired? */
now = apr_time_now();
- if (!zz || (zz->expiry && zz->expiry < now)) {
-
- /* no luck, create a blank session */
- zz = (session_rec *) apr_pcalloc(r->pool, sizeof(session_rec));
- zz->pool = r->pool;
- zz->entries = apr_table_make(zz->pool, 10);
-
- }
- else {
+
+ if (zz){
+ /* load the session attibutes */
rv = ap_run_session_decode(r, zz);
if (OK != rv) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01817)
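Review bot: The comment added on the `if (zz)` branch misspells "attributes" and does not say why decoding now runs before the expiry test, which is the security-relevant part of this change. I would write `/* decode first: the expiry can only be trusted once the session has been decoded, so the expiry check must follow */`; presumably `zz->expiry` is filled in by the decode hook, which should be confirmed against the session providers. The context comment `/* found a session that hasn't expired? */` is now stale, since the branch is taken for any loaded session, expired or not. The brace spacing should be `if (zz) {` to match the surrounding code. The `if (OK != rv)` block and the rest of ap_session_load continue outside this hunk.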
@@ -142,8 +136,22 @@ static apr_status_t ap_session_load(request_rec * r, session_rec ** z)
"session not loaded: %s", r->uri);
return rv;
}
+
+ /* invalidate session if session is expired */
+ if (zz && zz->expiry && zz->expiry < now){
+ zz = NULL;
+ }
}
+ if (!zz || (zz->expiry && zz->expiry < now)) {
+
+ /* no luck, create a blank session */
+ zz = (session_rec *) apr_pcalloc(r->pool, sizeof(session_rec));
+ zz->pool = r->pool;
+ zz->entries = apr_table_make(zz->pool, 10);
+
+ }
+
/* make sure the expiry is set, if present */
if (!zz->expiry && dconf->maxage) {
zz->expiry = now + dconf->maxage * APR_USEC_PER_SEC;
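Review bot: The expiry clause in `if (!zz || (zz->expiry && zz->expiry < now))` can no longer be true at this point, because the block just above already sets `zz = NULL` for an expired session and a decode failure returns early; keeping it reads like a second, independent expiry check. `if (!zz) {` states the real condition. Likewise the `zz &&` in `if (zz && zz->expiry && zz->expiry < now){` is redundant inside `if (zz)` and can be `if (zz->expiry && zz->expiry < now) {`. Nothing visible here removes the expired record from the backing store or client, so it is worth confirming that a later save or provider-side cleanup does that. ap_session_load begins and ends outside the hunk.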