diff --git a/lib/private/Security/CSRF/TokenStorage/SessionStorage.php b/lib/private/Security/CSRF/TokenStorage/SessionStorage.php
index cf4cdfa503619e76b0582113afb67128c30a1d89..9d2e723a6d39af7d77f830b8ce71671ed436a1dc 100644
--- a/lib/private/Security/CSRF/TokenStorage/SessionStorage.php
+++ b/lib/private/Security/CSRF/TokenStorage/SessionStorage.php
@@ -40,6 +40,13 @@ class SessionStorage {
 		$this->session = $session;
 	}
 
+	/**
+	 * @param ISession $session
+	 */
+	public function setSession(ISession $session) {
+		$this->session = $session;
+	}
+
 	/**
 	 * Returns the current token or throws an exception if none is found.
 	 *
diff --git a/lib/private/Server.php b/lib/private/Server.php
index 6f25098eb357f0b4dee8ceab11d528cb5b4a6bb3..dca50c15733de04381cb0c52d95baa11da00a0ad 100644
--- a/lib/private/Server.php
+++ b/lib/private/Server.php
@@ -710,13 +710,15 @@ class Server extends ServerContainer implements IServerContainer {
 		});
 		$this->registerService('CsrfTokenManager', function (Server $c) {
 			$tokenGenerator = new CsrfTokenGenerator($c->getSecureRandom());
-			$sessionStorage = new SessionStorage($c->getSession());
 
 			return new CsrfTokenManager(
 				$tokenGenerator,
-				$sessionStorage
+				$c->query(SessionStorage::class)
 			);
 		});
+		$this->registerService(SessionStorage::class, function (Server $c) {
+			return new SessionStorage($c->getSession());
+		});
 		$this->registerService('ContentSecurityPolicyManager', function (Server $c) {
 			return new ContentSecurityPolicyManager();
 		});
@@ -945,6 +947,7 @@ class Server extends ServerContainer implements IServerContainer {
 	 * @param \OCP\ISession $session
 	 */
 	public function setSession(\OCP\ISession $session) {
+		$this->query(SessionStorage::class)->setSession($session);
 		return $this->query('UserSession')->setSession($session);
 	}