diff -u b/modules/system/system.install b/modules/system/system.install
--- b/modules/system/system.install
+++ b/modules/system/system.install
@@ -3151,10 +3151,44 @@
 }
 /**
- * Truncate the session table with the unsecured (not hashed) session ids.
+ * Hash the current session IDs to avoid mass logout.
 */
 function system_update_7080() {
- db_truncate('sessions')->execute();
+ // Updates the session ID field's description.
+ $spec = array(
+ 'description' => "A session ID (hashed). The value is generated by Drupal's session handlers.",
+ 'type' => 'varchar',
+ 'length' => 128,
+ 'not null' => TRUE,
+ );
+ db_drop_primary_key('sessions');
+ db_change_field('sessions', 'sid', 'sid', $spec, array('primary key' => array('sid', 'ssid')));
+ // Updates the secure session ID field's description.
+ $spec = array(
+ 'description' => "Secure session ID (hashed). The value is generated by Drupal's session handlers.",
+ 'type' => 'varchar',
+ 'length' => 128,
+ 'not null' => TRUE,
+ 'default' => '',
+ );
+ db_drop_primary_key('sessions');
+ db_change_field('sessions', 'sid', 'sid', $spec, array('primary key' => array('sid', 'ssid')));
+ $sessions = db_query('SELECT sid, ssid FROM {sessions}');
+ while ($session = $sessions->fetchAssoc()) {
+ $query = db_update('sessions');
+ $fields = array();
+ if (!empty($session['sid'])) {
+ $fields['sid'] = drupal_hash_base64($session['sid']);
+ $query->condition('sid', $session['sid']);
+ }
+ if (!empty($session['ssid'])) {
+ $fields['ssid'] = drupal_hash_base64($session['ssid']);
+ $query->condition('ssid', $session['ssid']);
+ }
+ db_update('sessions')
+ ->fields($fields)
+ ->execute();
+ }
 }
 /**
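Review bot: The last statement of the `while` loop runs a fresh `db_update('sessions')` with no conditions, so the `$query` that carries the `sid`/`ssid` conditions is never executed and each iteration writes one row's hashes to every row in the table (or fails on the `(sid, ssid)` primary key); it should be `$query->fields($fields)->execute();`, skipped when `$fields` is empty. The second schema block is commented as the secure session ID but calls `db_change_field('sessions', 'sid', 'sid', ...)` again, so `ssid` is never altered and `sid` picks up `'default' => ''`; it should read `db_change_field('sessions', 'ssid', 'ssid', $spec, array('primary key' => array('sid', 'ssid')));`. As written the update does not leave each session stored under the hash of its own ID, which is presumably what the session handler will look up after this change, so the mass logout the docblock wants to avoid would still happen. The hunk does not show whether the update can be re-run; if it can, a second pass would hash values that are already hashed, so a comment stating that it must run exactly once would help.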