diff -u b/modules/system/system.install b/modules/system/system.install
--- b/modules/system/system.install
+++ b/modules/system/system.install
@@ -3361,10 +3361,13 @@
 }
 
 /*
- * Hash current session IDs to avoid mass logout.
+ * Update the schema for sessions.
  */
 function system_update_7086() {
-  // Updates the session ID field's description.
+  // Delete all existing sessions.
+  db_truncate('sessions')->execute();
+
+  // Updates the session ID fields' description.
   $spec = array(
     'description' => "A session ID (hashed). The value is generated by Drupal's session handlers.",
     'type' => 'varchar',
@@ -3382,15 +3385,14 @@
     'default' => '',
   );
   db_drop_primary_key('sessions');
-  db_change_field('sessions', 'sid', 'sid', $spec, array('primary key' => array('sid', 'ssid')));
+  db_change_field('sessions', 'ssid', 'ssid', $spec, array('primary key' => array('sid', 'ssid')));
 
-  // Delete all the existing old sessions.
-  db_truncate('sessions')->execute();
-  // Force to write again the current session to have it hashed.
-  drupal_save_session(TRUE);
+  // Re-save the current session to have it hashed.
   global $user;
+  $session = isset($user->session) ? $user->session : '';
+  drupal_save_session(TRUE);
   drupal_static_reset('drupal_session_last_read');
-  _drupal_session_write(session_id(), $user->session);
+  _drupal_session_write(session_id(), $session);
   drupal_save_session(FALSE);
 }