diff -u b/modules/system/system.install b/modules/system/system.install
--- b/modules/system/system.install
+++ b/modules/system/system.install
@@ -3361,13 +3361,10 @@
 }
 
 /*
- * Update the schema for sessions.
+ * Update the schema and data of the sessions table.
  */
 function system_update_7086() {
-  // Delete all existing sessions.
-  db_truncate('sessions')->execute();
-
-  // Updates the session ID fields' description.
+  // Update the session ID fields' description.
   $spec = array(
     'description' => "A session ID (hashed). The value is generated by Drupal's session handlers.",
     'type' => 'varchar',
@@ -3387,13 +3384,23 @@
   db_drop_primary_key('sessions');
   db_change_field('sessions', 'ssid', 'ssid', $spec, array('primary key' => array('sid', 'ssid')));
 
-  // Re-save the current session to have it hashed.
-  global $user;
-  $session = isset($user->session) ? $user->session : '';
-  drupal_save_session(TRUE);
-  drupal_static_reset('drupal_session_last_read');
-  _drupal_session_write(session_id(), $session);
-  drupal_save_session(FALSE);
+  // Update all existing sessions.
+  $sessions = db_query('SELECT sid, ssid FROM {sessions}');
+  while ($session = $sessions->fetchAssoc()) {
+    $query = db_update('sessions');
+    $fields = array();
+    if (!empty($session['sid'])) {
+      $fields['sid'] = drupal_hash_base64($session['sid']);
+      $query->condition('sid', $session['sid']);
+    }
+    if (!empty($session['ssid'])) {
+      $fields['ssid'] = drupal_hash_base64($session['ssid']);
+      $query->condition('ssid', $session['ssid']);
+    }
+    $query
+      ->fields($fields)
+      ->execute();
+  }
 }
 
 /**