diff --git a/python/nav/web/auth/utils.py b/python/nav/web/auth/utils.py
index 8a4d10d217..160fcac47c 100644
--- a/python/nav/web/auth/utils.py
+++ b/python/nav/web/auth/utils.py
@@ -31,14 +31,15 @@ ACCOUNT_ID_VAR = 'account_id'
-def set_account(request, account):
+def set_account(request, account, cycle_session_id=True):
     """Updates request with new account.
-    Cycles the session ID to avoid session fixation.
+    Cycles the session ID by default to avoid session fixation.
     """
     request.session[ACCOUNT_ID_VAR] = account.id
     request.account = account
     _logger.debug('Set active account to "%s"', account.login)
-    request.session.cycle_key()
+    if cycle_session_id:
+        request.session.cycle_key()
     request.session.save()
@@ -56,7 +57,8 @@ def ensure_account(request):
         # Assumes nobody has locked it..
         account = Account.objects.get(id=Account.DEFAULT_ACCOUNT)
-        set_account(request, account)
+        # Do not cycle to avoid session_id being changed on every request
+        set_account(request, account, cycle_session_id=False)
 
 def authorization_not_required(fullpath):
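Review bot: The new `cycle_session_id` flag is a positional boolean that switches off the session-fixation defence, so a caller can disable it by accident with a stray third positional argument; make it keyword-only, `def set_account(request, account, *, cycle_session_id=True):`, which stays backward-compatible because the only visible caller passes it by keyword. The docstring should also document the parameter and its contract: cycling the key is what prevents a session ID chosen before login from surviving into the authenticated session, so `cycle_session_id=False` is only safe when the account being set grants no more privilege than the session already had, never on a real login. Note that `request.session.save()` still runs unconditionally, so the no-cycle path continues to persist the session on every call.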
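Review bot: The comment on the new `set_account(..., cycle_session_id=False)` call gives the performance motivation but not why skipping the cycle is safe here, which is what a future reader needs in order to keep the fixation defence intact; reword it along the lines of `# The default account is unauthenticated and grants no new privilege, so not cycling the key cannot enable session fixation; cycling here would change the session ID on every anonymous request.` ensure_account starts outside the hunk, so whether this branch can only ever be reached with the default account is not visible here and should be confirmed before relying on it.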