diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c
index 7213eb3..3e73c7a 100644
--- a/modules/session/mod_session.c
+++ b/modules/session/mod_session.c
@@ -126,15 +126,9 @@ static apr_status_t ap_session_load(request_rec * r, session_rec ** z)
 
     /* found a session that hasn't expired? */
     now = apr_time_now();
-    if (!zz || (zz->expiry && zz->expiry < now)) {
-
-        /* no luck, create a blank session */
-        zz = (session_rec *) apr_pcalloc(r->pool, sizeof(session_rec));
-        zz->pool = r->pool;
-        zz->entries = apr_table_make(zz->pool, 10);
-
-    }
-    else {
+    
+    if (zz){
+        /* load the session attibutes */
         rv = ap_run_session_decode(r, zz);
         if (OK != rv) {
             ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01817)
@@ -142,8 +136,22 @@ static apr_status_t ap_session_load(request_rec * r, session_rec ** z)
                           "session not loaded: %s", r->uri);
             return rv;
         }
+        
+        /* invalidate session if session is expired */
+        if (zz && zz->expiry && zz->expiry < now){
+           zz = NULL;
+        }
     }
 
+    if (!zz || (zz->expiry && zz->expiry < now)) {
+
+        /* no luck, create a blank session */
+        zz = (session_rec *) apr_pcalloc(r->pool, sizeof(session_rec));
+        zz->pool = r->pool;
+        zz->entries = apr_table_make(zz->pool, 10);
+
+    }
+    
     /* make sure the expiry is set, if present */
     if (!zz->expiry && dconf->maxage) {
         zz->expiry = now + dconf->maxage * APR_USEC_PER_SEC;