diff --git a/web/includes/actions/login.php b/web/includes/actions/login.php
index 8cafa3b26..aa1034431 100644
--- a/web/includes/actions/login.php
+++ b/web/includes/actions/login.php
@@ -75,7 +75,7 @@ if ( ('login' == $action) && isset($_REQUEST['username']) && ( ZM_AUTH_TYPE == '
 
   $close_session = 0;
   if ( !is_session_started() ) {
-    session_start();
+    zm_session_start();
     $close_session = 1;
   }
   $_SESSION['remoteAddr'] = $_SERVER['REMOTE_ADDR']; // To help prevent session hijacking
diff --git a/web/includes/auth.php b/web/includes/auth.php
index ce3e782d1..4d356513c 100644
--- a/web/includes/auth.php
+++ b/web/includes/auth.php
@@ -217,7 +217,7 @@ function generateAuthHash($useRemoteAddr, $force=false) {
       $auth = md5($authKey);
       $close_session = 0;
       if ( !is_session_started() ) {
-        session_start();
+        zm_session_start();
         $close_session = 1;
       }
       $_SESSION['AuthHash'.$_SESSION['remoteAddr']] = $auth;