diff --git a/lib/sessionkeepalive_ajax.php b/lib/sessionkeepalive_ajax.php
index a2047a7c490..7a930ff0c1f 100644
--- a/lib/sessionkeepalive_ajax.php
+++ b/lib/sessionkeepalive_ajax.php
@@ -27,7 +27,10 @@ require_once(dirname(__DIR__) . '/config.php');
 
 // Require the session key - want to make sure that this isn't called
 // maliciously to keep a session alive longer than intended.
-require_sesskey();
+if (!confirm_sesskey()) {
+    header('HTTP/1.1 403 Forbidden');
+    print_error('invalidsesskey');
+}
 
 // Update the session.
 \core\session\manager::touch_session(session_id());
diff --git a/lib/sessionlib.php b/lib/sessionlib.php
index 40640d688e2..e60462f34d3 100644
--- a/lib/sessionlib.php
+++ b/lib/sessionlib.php
@@ -82,7 +82,6 @@ function confirm_sesskey($sesskey=NULL) {
  */
 function require_sesskey() {
     if (!confirm_sesskey()) {
-        header('HTTP/1.1 403 Forbidden');
         print_error('invalidsesskey');
     }
 }