diff --git a/addressbook/preferences.php b/addressbook/preferences.php
index 7a234db387..2f1584d2d8 100644
--- a/addressbook/preferences.php
+++ b/addressbook/preferences.php
@@ -42,7 +42,7 @@
            $phpgw->preferences->delete("addressbook","mainscreen_showbirthdays");
         }
 
-        $phpgw->preferences->save_repository();
+        $phpgw->preferences->save_repository(True);
         Header("Location: " . $phpgw->link($phpgw_info["server"]["webserver_url"] . "/preferences/index.php"));
      }
   }
diff --git a/calendar/preferences.php b/calendar/preferences.php
index 31ee7c4a97..98f5870231 100644
--- a/calendar/preferences.php
+++ b/calendar/preferences.php
@@ -26,7 +26,7 @@
      } else {
         $phpgw->preferences->delete("calendar","mainscreen_showevents");
      }
-     $phpgw->preferences->save_repository();
+     $phpgw->preferences->save_repository(True);
      
      Header("Location: " . $phpgw->link($phpgw_info["server"]["webserver_url"] . "/preferences/index.php"));
      $phpgw->common->phpgw_exit();
diff --git a/phpgwapi/inc/class.preferences.inc.php b/phpgwapi/inc/class.preferences.inc.php
index 439f540ece..6a3a4c783f 100644
--- a/phpgwapi/inc/class.preferences.inc.php
+++ b/phpgwapi/inc/class.preferences.inc.php
@@ -92,22 +92,29 @@
       return $this->data;
     }
 
-    function save_repository()
+    function save_repository($update_session_info = False)
     {
       global $phpgw, $phpgw_info;
-      $this->db->lock("preferences");
-      $this->db->query("delete from preferences where preference_owner='" . $this->account_id . "'",__LINE__,__FILE__);
 
-      if ($PHP_VERSION < "4.0.0") {
-        $pref_info = addslashes(serialize($this->data));
-      } else {
-        $pref_info = serialize($this->data);
+      if (! $phpgw->acl->check("session_only_preferences",1,"preferences")) {
+         $this->db->lock("preferences");
+         $this->db->query("delete from preferences where preference_owner='" . $this->account_id . "'",__LINE__,__FILE__);
+   
+         if ($PHP_VERSION < "4.0.0") {
+           $pref_info = addslashes(serialize($this->data));
+         } else {
+           $pref_info = serialize($this->data);
+         }
+   
+         $this->db->query("insert into preferences (preference_owner,preference_value) values ('"
+                        . $this->account_id . "','" . $pref_info . "')",__LINE__,__FILE__);
+   
+         $this->db->unlock();
+      }
+      if ($update_session_info) {
+         $phpgw_info["user"]["preferences"] = $this->data;
+         $phpgw->session->update_session_info();
       }
-
-      $this->db->query("insert into preferences (preference_owner,preference_value) values ('"
-                     . $this->account_id . "','" . $pref_info . "')",__LINE__,__FILE__);
-
-      $this->db->unlock();
       return $this->data;
     }
 
@@ -124,9 +131,9 @@
     {
       return $this->add($app_name,$var,$value);
     }
-    function commit()
+    function commit($update_session_info = False)
     {
-      return $this->save_repository();
+      return $this->save_repository($update_session_info);
     }
 
   } //end of preferences class
diff --git a/phpgwapi/inc/class.sessions.inc.php b/phpgwapi/inc/class.sessions.inc.php
index ac902764a7..eab11f07f8 100644
--- a/phpgwapi/inc/class.sessions.inc.php
+++ b/phpgwapi/inc/class.sessions.inc.php
@@ -95,6 +95,7 @@
        $phpgw_info["user"]["kp3"] = $this->kp3;
        $phpgw_info_flags    = $phpgw_info["flags"];
        $phpgw_info          = $phpgw->crypto->decrypt($db->f("session_info"));
+       $this->data          = $phpgw_info["user"];
        $phpgw_info["flags"] = $phpgw_info_flags;
        $userid_array = explode("@",$db->f("session_lid"));
        $this->account_lid = $userid_array[0];
@@ -102,6 +103,7 @@
        if ($userid_array[1] != $phpgw_info["user"]["domain"]) {
           return False;
        }
+
        if (PHP_OS != "Windows" && (! $phpgw_info["user"]["session_ip"] || $phpgw_info["user"]["session_ip"] != $this->getuser_ip())){
           return False;
        }
@@ -130,6 +132,23 @@
                           . "'",__LINE__,__FILE__);
        }
     }
+    
+    function update_session_info()
+    {
+       global $phpgw, $phpgw_info;
+       $phpgw_info_temp = $phpgw_info;
+       $phpgw_info_temp["user"]["kp3"] = "";
+       $phpgw_info_temp["flags"] = array();
+
+       //$this->read_repositories();
+       if ($PHP_VERSION < "4.0.0") {
+          $info_string = addslashes($phpgw->crypto->encrypt($phpgw_info_temp));
+       } else {
+          $info_string = $phpgw->crypto->encrypt($phpgw_info_temp);
+       }
+       $phpgw->db->query("update phpgw_sessions set session_info='$info_string' where session_id='"
+                       . $this->sessionid . "'",__LINE__,__FILE__);
+    }
 
     function read_repositories()
     {
@@ -138,10 +157,10 @@
       $phpgw->accounts->accounts($this->account_id);
       $phpgw->preferences->preferences($this->account_id);
       $phpgw->applications->applications($this->account_id);
-      $phpgw_info["user"] = $phpgw->accounts->read_repository();
-      $phpgw_info["user"]["acl"] = $phpgw->acl->read_repository();
+      $phpgw_info["user"]                = $phpgw->accounts->read_repository();
+      $phpgw_info["user"]["acl"]         = $phpgw->acl->read_repository();
       $phpgw_info["user"]["preferences"] = $phpgw->preferences->read_repository();
-      $phpgw_info["user"]["apps"] = $phpgw->applications->read_repository();
+      $phpgw_info["user"]["apps"]        = $phpgw->applications->read_repository();
       @reset($phpgw_info["user"]["apps"]);
 
       $phpgw_info["user"]["domain"]      = $this->account_domain;
@@ -193,8 +212,8 @@
       $phpgw->accounts->account_id = $this->account_id;
 
       $phpgw_info["user"] = $phpgw->accounts->read_repository();
-      $this->sessionid = md5($phpgw->common->randomstring(10));
-      $this->kp3 = md5($phpgw->common->randomstring(15));
+      $this->sessionid    = md5($phpgw->common->randomstring(10));
+      $this->kp3          = md5($phpgw->common->randomstring(15));
 
       $phpgw->common->key  = $phpgw_info["server"]["encryptkey"];
       $phpgw->common->key .= $this->sessionid;
@@ -213,13 +232,15 @@
          if ($this->account_domain == $phpgw_info["server"]["default_domain"]) {
             Setcookie("last_loginid", $this->account_lid ,time()+1209600);  // For 2 weeks
          } else {
-            Setcookie("last_loginid", $login ,time()+1209600);  // For 2 weeks
+            Setcookie("last_loginid", $login ,time()+1209600);              // For 2 weeks
          }
-         unset ($phpgw_info["server"]["default_domain"]); // we kill this for security reasons
+         unset ($phpgw_info["server"]["default_domain"]);                   // we kill this for security reasons
       }
 
+      // Why are we double encrypting it ?
+      // If mcrypt is already installed, the entire session_info field is all ready encrypted. (jengo)
       $this->passwd = $phpgw->common->encrypt($passwd);
-      $this->read_repositories($this->account_id);
+      $this->read_repositories();
 
       if ($PHP_VERSION < "4.0.0") {
          $info_string = addslashes($phpgw->crypto->encrypt($this->data));
diff --git a/preferences/settings.php b/preferences/settings.php
index 5c052aa84e..abf6d91e72 100755
--- a/preferences/settings.php
+++ b/preferences/settings.php
@@ -242,7 +242,7 @@
         }
      }
 
-     $phpgw->preferences->commit();
+     $phpgw->preferences->commit(True);
 
      if ($phpgw_info["server"]["useframes"] != "never") {
         Header("Location: " . $phpgw->link($phpgw_info["server"]["webserver_url"] . "/preferences/index.php"));