diff --git a/apps/dav/tests/unit/Connector/Sabre/AuthTest.php b/apps/dav/tests/unit/Connector/Sabre/AuthTest.php
index b3ab49a027e099b221f8ef51d13c2d8a4ace0f2a..147a0c2b8c5d52beadb3804a11181537ddad4c8c 100644
--- a/apps/dav/tests/unit/Connector/Sabre/AuthTest.php
+++ b/apps/dav/tests/unit/Connector/Sabre/AuthTest.php
@@ -159,7 +159,7 @@ class AuthTest extends TestCase {
 		$user = $this->getMockBuilder('\OCP\IUser')
 			->disableOriginalConstructor()
 			->getMock();
-		$user->expects($this->exactly(4))
+		$user->expects($this->exactly(3))
 			->method('getUID')
 			->will($this->returnValue('MyTestUser'));
 		$this->userSession
@@ -167,7 +167,7 @@ class AuthTest extends TestCase {
 			->method('isLoggedIn')
 			->will($this->returnValue(true));
 		$this->userSession
-			->expects($this->exactly(4))
+			->expects($this->exactly(3))
 			->method('getUser')
 			->will($this->returnValue($user));
 		$this->session
@@ -178,12 +178,8 @@ class AuthTest extends TestCase {
 		$this->userSession
 			->expects($this->once())
 			->method('logClientIn')
-			->with('MyTestUser', 'MyTestPassword')
+			->with('MyTestUser', 'MyTestPassword', $this->request)
 			->will($this->returnValue(true));
-		$this->userSession
-			->expects($this->once())
-			->method('createSessionToken')
-			->with($this->request, 'MyTestUser', 'MyTestUser', 'MyTestPassword');
 		$this->session
 			->expects($this->once())
 			->method('set')
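Review bot: Removing the `createSessionToken` expectation leaves nothing in this test that fails if the connector starts calling it again, because a mocked method with no expectation accepts any number of calls. Token creation is done inside `Session::logClientIn` (see the Session.php hunk), so a second call from the connector would create a duplicate token per login. I would pin the new contract with `$this->userSession->expects($this->never())->method('createSessionToken');`, and the same applies to the hunk at -626. The test method starts and ends outside this hunk.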
@@ -626,17 +622,14 @@ class AuthTest extends TestCase {
 			->method('logClientIn')
 			->with('username', 'password')
 			->will($this->returnValue(true));
-		$this->userSession
-			->expects($this->once())
-			->method('createSessionToken');
 		$user = $this->getMockBuilder('\OCP\IUser')
 			->disableOriginalConstructor()
 			->getMock();
-		$user->expects($this->exactly(4))
+		$user->expects($this->exactly(3))
 			->method('getUID')
 			->will($this->returnValue('MyTestUser'));
 		$this->userSession
-			->expects($this->exactly(4))
+			->expects($this->exactly(3))
 			->method('getUser')
 			->will($this->returnValue($user));
 		$response = $this->auth->check($server->httpRequest, $server->httpResponse);
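Review bot: The `logClientIn` expectation at the top of this hunk still reads `->with('username', 'password')`, while the hunk at -178 was updated to include the request. PHPUnit's `with()` does not check trailing arguments that have no constraint, so this test would keep passing if the connector stopped handing the request to `logClientIn`, and the cookie check in `Session` depends on that request. If this path goes through the same call, which looks likely but is not visible here, tighten it to `->with('username', 'password', $this->request)`. The test method starts and ends outside the hunk, so confirm that `$this->request` is the object the connector receives in this test.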
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 0376e81b6dcaf261c28f12f05ac9c8f2f920ced3..0cebb3e0613ee7b2647524c8cff7b7904f8c31fe 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -370,11 +370,21 @@ class Session implements IUserSession, Emitter {
 			return false;
 		}
 
-		$this->createSessionToken($request, $this->getUser()->getUID(), $user, $password);
+		if ($this->supportsCookies($request)) {
+			$this->createSessionToken($request, $this->getUser()->getUID(), $user, $password);
+		}
 
 		return true;
 	}
 
+	protected function supportsCookies(IRequest $request) {
+		if (!is_null($request->getCookie('cookie_test'))) {
+			return true;
+		}
+		setcookie('cookie_test', 'test', $this->timeFacory->getTime() + 3600);
+		return false;
+	}
+
 	private function isTokenAuthEnforced() {
 		return $this->config->getSystemValue('token_auth_enforced', false);
 	}
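Review bot: The `setcookie('cookie_test', 'test', ...)` call in `supportsCookies()` passes only name, value and expiry, so the probe cookie gets PHP's default path and neither the `secure` nor the `httponly` argument; pass path, secure and httponly explicitly so it is scoped to the instance and not sent over plain HTTP when the instance is served over HTTPS. The method is a predicate with a side effect and has no docblock: I would add one saying it returns true only when the client sent back `cookie_test`, otherwise sets the cookie and returns false, so a client's first authenticated request never gets a session token. The cookie is client-supplied, so its presence is only a hint that avoids creating one token per request for cookie-less clients, not a security check, and the comment should say that. `timeFacory` looks misspelled; confirm it matches the property declared on the class outside this hunk, because the new test mocks `supportsCookies()` and never executes this line.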
@@ -432,7 +442,6 @@ class Session implements IUserSession, Emitter {
 	 */
 	public function tryBasicAuthLogin(IRequest $request) {
 		if (!empty($request->server['PHP_AUTH_USER']) && !empty($request->server['PHP_AUTH_PW'])) {
-			$request = \OC::$server->getRequest();
 			$result = $this->logClientIn($request->server['PHP_AUTH_USER'], $request->server['PHP_AUTH_PW'], $request);
 			if ($result === true) {
 				/**
diff --git a/tests/lib/User/SessionTest.php b/tests/lib/User/SessionTest.php
index eac38ebba160a5dbeac8a06f6843fb0718787d50..28f6b6a5377bba511ac406139bfe011b3e75e98c 100644
--- a/tests/lib/User/SessionTest.php
+++ b/tests/lib/User/SessionTest.php
@@ -311,11 +311,13 @@ class SessionTest extends \Test\TestCase {
 			->disableOriginalConstructor()
 			->getMock();
 		$session = $this->getMock('\OCP\ISession');
+		$request = $this->getMock('\OCP\IRequest');
+		$user = $this->getMock('\OCP\IUser');
 
 		/** @var \OC\User\Session $userSession */
 		$userSession = $this->getMockBuilder('\OC\User\Session')
 			->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config])
-			->setMethods(['login'])
+			->setMethods(['login', 'supportsCookies', 'createSessionToken', 'getUser'])
 			->getMock();
 
 		$this->tokenProvider->expects($this->once())
@@ -327,7 +329,46 @@ class SessionTest extends \Test\TestCase {
 			->with('token_auth_enforced', false)
 			->will($this->returnValue(true));
 
-		$this->assertFalse($userSession->logClientIn('john', 'doe'));
+		$this->assertFalse($userSession->logClientIn('john', 'doe', $request));
+	}
+
+	public function testLogClientInWithTokenPassword() {
+		$manager = $this->getMockBuilder('\OC\User\Manager')
+			->disableOriginalConstructor()
+			->getMock();
+		$session = $this->getMock('\OCP\ISession');
+		$request = $this->getMock('\OCP\IRequest');
+		$user = $this->getMock('\OCP\IUser');
+
+		/** @var \OC\User\Session $userSession */
+		$userSession = $this->getMockBuilder('\OC\User\Session')
+			->setConstructorArgs([$manager, $session, $this->timeFactory, $this->tokenProvider, $this->config])
+			->setMethods(['isTokenPassword', 'login', 'supportsCookies', 'createSessionToken', 'getUser'])
+			->getMock();
+
+		$userSession->expects($this->once())
+			->method('isTokenPassword')
+			->will($this->returnValue(true));
+		$userSession->expects($this->once())
+			->method('login')
+			->with('john', 'doe')
+			->will($this->returnValue(true));
+
+		$userSession->expects($this->once())
+			->method('supportsCookies')
+			->with($request)
+			->will($this->returnValue(true));
+		$userSession->expects($this->once())
+			->method('getUser')
+			->will($this->returnValue($user));
+		$user->expects($this->once())
+			->method('getUID')
+			->will($this->returnValue('user123'));
+		$userSession->expects($this->once())
+			->method('createSessionToken')
+			->with($request, 'user123', 'john', 'doe');
+		
+		$this->assertTrue($userSession->logClientIn('john', 'doe', $request));
 	}
 
 	public function testLogClientInNoTokenPasswordNo2fa() {
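Review bot: The new `testLogClientInWithTokenPassword` covers only the branch where `supportsCookies()` returns true, so the behaviour this commit introduces (no session token for a client without cookie support) has no test. I would add a sibling test that makes `supportsCookies` return false and asserts `createSessionToken` is never called while `logClientIn` still returns true. `supportsCookies()` itself is mocked in every test shown, so its cookie lookup and `setcookie()` call also stay unexercised; a small test against a request mock whose `getCookie('cookie_test')` returns a value would cover the true branch.

```php
	public function testLogClientInWithTokenPasswordNoCookieSupport() {
		// … unchanged: same mock setup and isTokenPassword/login expectations as testLogClientInWithTokenPassword …

		$userSession->expects($this->once())
			->method('supportsCookies')
			->with($request)
			->will($this->returnValue(false));
		// No cookie support: login succeeds but no session token may be created.
		$userSession->expects($this->never())
			->method('createSessionToken');

		$this->assertTrue($userSession->logClientIn('john', 'doe', $request));
	}
```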
@@ -336,6 +377,7 @@ class SessionTest extends \Test\TestCase {
 			->getMock();
 		$session = $this->getMock('\OCP\ISession');
 		$user = $this->getMock('\OCP\IUser');
+		$request = $this->getMock('\OCP\IRequest');
 
 		/** @var \OC\User\Session $userSession */
 		$userSession = $this->getMockBuilder('\OC\User\Session')
@@ -357,7 +399,7 @@ class SessionTest extends \Test\TestCase {
 			->with('john')
 			->will($this->returnValue(true));
 
-		$this->assertFalse($userSession->logClientIn('john', 'doe'));
+		$this->assertFalse($userSession->logClientIn('john', 'doe', $request));
 	}
 
 	public function testRememberLoginValidToken() {