diff --git a/cps/__init__.py b/cps/__init__.py
index 1ba1f778..da0bc718 100644
--- a/cps/__init__.py
+++ b/cps/__init__.py
@@ -100,7 +100,6 @@ updater_thread = Updater()
 def create_app():
     lm.login_view = 'web.login'
     lm.anonymous_user = ub.Anonymous
-    lm.session_protection = 'strong'
 
     if csrf:
         csrf.init_app(app)
diff --git a/cps/admin.py b/cps/admin.py
index 09a553b4..5c646e46 100644
--- a/cps/admin.py
+++ b/cps/admin.py
@@ -104,8 +104,6 @@ def before_request():
     # make remember me function work
     if current_user.is_authenticated:
         confirm_login()
-    if not ub.check_user_session(current_user.id, flask_session.get('_id')) and 'opds' not in request.path:
-        logout_user()
     g.constants = constants
     g.user = current_user
     g.allow_registration = config.config_public_reg