diff --git a/src/Umbraco.Core/Security/BackOfficeClaimsIdentityFactory.cs b/src/Umbraco.Core/Security/BackOfficeClaimsIdentityFactory.cs
index 8529132bb5..9c46ae69f4 100644
--- a/src/Umbraco.Core/Security/BackOfficeClaimsIdentityFactory.cs
+++ b/src/Umbraco.Core/Security/BackOfficeClaimsIdentityFactory.cs
@@ -9,6 +9,12 @@ namespace Umbraco.Core.Security
 {
     public class BackOfficeClaimsIdentityFactory : ClaimsIdentityFactory<BackOfficeIdentityUser, int>
     {
+        public BackOfficeClaimsIdentityFactory()
+        {
+            SecurityStampClaimType = Constants.Security.SessionIdClaimType;
+            UserNameClaimType = ClaimTypes.Name;
+        }
+
         /// <summary>
         /// Create a ClaimsIdentity from a user
         /// </summary>
@@ -20,7 +26,7 @@ namespace Umbraco.Core.Security
 
             var umbracoIdentity = new UmbracoBackOfficeIdentity(baseIdentity,
                 //set a new session id
-                new UserData(Guid.NewGuid().ToString("N"))
+                new UserData
                 {
                     Id = user.Id,
                     Username = user.UserName,
@@ -29,7 +35,8 @@ namespace Umbraco.Core.Security
                     Culture = user.Culture,
                     Roles = user.Roles.Select(x => x.RoleId).ToArray(),
                     StartContentNode = user.StartContentId,
-                    StartMediaNode = user.StartMediaId
+                    StartMediaNode = user.StartMediaId,
+                    SessionId = user.SecurityStamp
                 });
 
             return umbracoIdentity;
diff --git a/src/Umbraco.Core/Security/UmbracoBackOfficeIdentity.cs b/src/Umbraco.Core/Security/UmbracoBackOfficeIdentity.cs
index 6ce81f3e9f..dafc0433b1 100644
--- a/src/Umbraco.Core/Security/UmbracoBackOfficeIdentity.cs
+++ b/src/Umbraco.Core/Security/UmbracoBackOfficeIdentity.cs
@@ -209,17 +209,19 @@ namespace Umbraco.Core.Security
 
             if (HasClaim(x => x.Type == ClaimTypes.Locality) == false)
                 AddClaim(new Claim(ClaimTypes.Locality, Culture, ClaimValueTypes.String, Issuer, Issuer, this));
-            
-            ////TODO: Not sure why this is null sometimes, it shouldn't be. Somewhere it's not being set 
-            /// I think it's due to some bug I had in chrome, we'll see 
-            //if (UserData.SessionId.IsNullOrWhiteSpace())
-            //{
-            //    UserData.SessionId = Guid.NewGuid().ToString();
-            //}
 
             if (HasClaim(x => x.Type == Constants.Security.SessionIdClaimType) == false)
+            {
                 AddClaim(new Claim(Constants.Security.SessionIdClaimType, SessionId, ClaimValueTypes.String, Issuer, Issuer, this));
 
+                //The security stamp claim is also required... this is because this claim type is hard coded 
+                // by the SecurityStampValidator, see: https://katanaproject.codeplex.com/workitem/444
+                if (HasClaim(x => x.Type == Microsoft.AspNet.Identity.Constants.DefaultSecurityStampClaimType) == false)
+                {
+                    AddClaim(new Claim(Microsoft.AspNet.Identity.Constants.DefaultSecurityStampClaimType, SessionId, ClaimValueTypes.String, Issuer, Issuer, this));
+                }
+            }
+
             //Add each app as a separate claim
             if (HasClaim(x => x.Type == Constants.Security.AllowedApplicationsClaimType) == false)
             {
diff --git a/src/Umbraco.Core/Security/UserData.cs b/src/Umbraco.Core/Security/UserData.cs
index ff49636217..407d2782dd 100644
--- a/src/Umbraco.Core/Security/UserData.cs
+++ b/src/Umbraco.Core/Security/UserData.cs
@@ -20,7 +20,7 @@ namespace Umbraco.Core.Security
         /// Use this constructor to create/assign new UserData to the ticket
         /// </summary>
         /// <param name="sessionId">
-        /// A unique id that is assigned to this ticket
+        /// The security stamp for the user
         /// </param>
         public UserData(string sessionId)
         {
@@ -30,8 +30,7 @@ namespace Umbraco.Core.Security
         }
 
         /// <summary>
-        /// This is used to Id the current ticket which we can then use to mitigate csrf attacks
-        /// and other things that require request validation.
+        /// This is the 'security stamp' for validation
         /// </summary>        
         [DataMember(Name = "sessionId")]
         public string SessionId { get; set; } 
@@ -42,8 +41,6 @@ namespace Umbraco.Core.Security
         [DataMember(Name = "roles")]
         public string[] Roles { get; set; }
 
-        //public int SessionTimeout { get; set; }
-
         [DataMember(Name = "username")]
         public string Username { get; set; }
 
diff --git a/src/Umbraco.Web/Models/Mapping/UserModelMapper.cs b/src/Umbraco.Web/Models/Mapping/UserModelMapper.cs
index e1c3cc4f1e..72093b19a8 100644
--- a/src/Umbraco.Web/Models/Mapping/UserModelMapper.cs
+++ b/src/Umbraco.Web/Models/Mapping/UserModelMapper.cs
@@ -42,7 +42,7 @@ namespace Umbraco.Web.Models.Mapping
                   .ForMember(detail => detail.UserId, opt => opt.MapFrom(profile => GetIntId(profile.Id)));
 
             config.CreateMap<IUser, UserData>()
-                .ConstructUsing((IUser user) => new UserData(Guid.NewGuid().ToString("N"))) //this is the 'session id'
+                .ConstructUsing((IUser user) => new UserData())
                 .ForMember(detail => detail.Id, opt => opt.MapFrom(user => user.Id))
                 .ForMember(detail => detail.AllowedApplications, opt => opt.MapFrom(user => user.AllowedSections))
                 .ForMember(detail => detail.RealName, opt => opt.MapFrom(user => user.Name))