diff --git a/core/includes/session.inc b/core/includes/session.inc
index 002d8dc..5ffbb8d 100644
--- a/core/includes/session.inc
+++ b/core/includes/session.inc
@@ -244,7 +244,7 @@ function drupal_session_initialize() {
 
   $is_https = \Drupal::request()->isSecure();
   $cookies = \Drupal::request()->cookies;
-  if ($cookies->has(session_name()) || ($is_https && settings()->get('mixed_mode_sessions', FALSE) && $cookies->has(substr(session_name(), 1)))) {
+  if (($cookies->has(session_name()) && ($session_name = $cookies->get(session_name()))) || ($is_https && settings()->get('mixed_mode_sessions', FALSE) && ($cookies->has(substr(session_name(), 1))) && ($session_name = $cookies->get(substr(session_name(), 1))))) {
     // If a session cookie exists, initialize the session. Otherwise the
     // session is only started on demand in drupal_session_commit(), making
     // anonymous users not use a session cookie unless something is stored in