diff --git a/utils/src/main/java/com/cloud/utils/HttpUtils.java b/utils/src/main/java/com/cloud/utils/HttpUtils.java
index cc97bf4ba151..2b2450dd31b9 100644
--- a/utils/src/main/java/com/cloud/utils/HttpUtils.java
+++ b/utils/src/main/java/com/cloud/utils/HttpUtils.java
@@ -116,8 +116,8 @@ public static boolean validateSessionKey(final HttpSession session, final Map<St
             return false;
         }
         final String jsessionidFromCookie = HttpUtils.findCookie(cookies, "JSESSIONID");
-        if (jsessionidFromCookie == null
-                || !(jsessionidFromCookie.startsWith(session.getId() + '.'))) {
+        if (jsessionidFromCookie != null
+                && !(jsessionidFromCookie.equals(session.getId()) || jsessionidFromCookie.startsWith(session.getId() + '.'))) {
             s_logger.error("JSESSIONID from cookie is invalid.");
             return false;
         }
diff --git a/utils/src/test/java/com/cloud/utils/HttpUtilsTest.java b/utils/src/test/java/com/cloud/utils/HttpUtilsTest.java
index e94724ce3d63..9047934c75c5 100644
--- a/utils/src/test/java/com/cloud/utils/HttpUtilsTest.java
+++ b/utils/src/test/java/com/cloud/utils/HttpUtilsTest.java
@@ -74,7 +74,7 @@ public void validateSessionKeyTest() {
         params = null;
         cookies = new Cookie[]{new Cookie(sessionKeyString, sessionKeyValue)};
         assertFalse(HttpUtils.validateSessionKey(session, params, cookies, "randomString", HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
-        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
+        assertTrue(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
 
         // param null, cookies not null test (JSESSIONID is not null and matches)
         cookies = new Cookie[2];
@@ -95,7 +95,7 @@ public void validateSessionKeyTest() {
         cookies = null;
         assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
         params.put(sessionKeyString, new String[]{sessionKeyValue});
-        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
+        assertTrue(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
 
         // both param and cookies not null test (JSESSIONID is null)
         params = new HashMap<String, Object[]>();
@@ -104,7 +104,7 @@ public void validateSessionKeyTest() {
         params.put(sessionKeyString, new String[]{"incorrectValue"});
         assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
         params.put(sessionKeyString, new String[]{sessionKeyValue});
-        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
+        assertTrue(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
 
         // both param and cookies not null test (JSESSIONID is not null but mismatches)
         params = new HashMap<String, Object[]>();