diff --git a/library/Icinga/Authentication/Auth.php b/library/Icinga/Authentication/Auth.php
index f80326999..f8fac1ac0 100644
--- a/library/Icinga/Authentication/Auth.php
+++ b/library/Icinga/Authentication/Auth.php
@@ -270,7 +270,7 @@ class Auth
 }
 /**
- * Attempt to authenticate a user using HTTP authentication
+ * Attempt to authenticate a user using HTTP authentication on API requests only
 *
 * Supports only the Basic HTTP authentication scheme. XHR will be ignored.
 *
@@ -278,13 +278,11 @@ class Auth
 */
 protected function authHttp()
 {
- if ($this->getRequest()->isXmlHttpRequest()) {
+ $request = $this->getRequest();
+ if ($request->isXmlHttpRequest() || ! $request->isApiRequest()) {
 return false;
 }
- if (($header = $this->getRequest()->getHeader('Authorization')) === false) {
- return false;
- }
- if (empty($header)) {
+ if (empty($header = $request->getHeader('Authorization'))) {
 $this->challengeHttp();
 }
 list($scheme) = explode(' ', $header, 2);
diff --git a/library/Icinga/Web/Session/PhpSession.php b/library/Icinga/Web/Session/PhpSession.php
index 06fd08b7c..0c10cdefa 100644
--- a/library/Icinga/Web/Session/PhpSession.php
+++ b/library/Icinga/Web/Session/PhpSession.php
@@ -213,7 +213,9 @@ class PhpSession extends Session
 public function refreshId()
 {
 $this->open();
- session_regenerate_id();
+ if ($this->exists()) {
+ session_regenerate_id();
+ }
 session_write_close();
 $this->hasBeenTouched = true;
 }
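Review bot: In `authHttp()` (Auth.php, second hunk) the merged check `empty($header = $request->getHeader('Authorization'))` now sends an absent header to `challengeHttp()` too, and the following `explode(' ', $header, 2)` is only safe if `challengeHttp()` never returns, which this hunk does not show. I would make the termination explicit and move the assignment out of the condition: `$header = $request->getHeader('Authorization');` then `if (empty($header)) { $this->challengeHttp(); return false; }`. The old explicit `=== false` branch returned without a challenge, so the docblock should state that API requests with no `Authorization` header are now answered with a challenge. If `isApiRequest()` is derived from client-supplied request headers (not visible here), a short comment should note that the gate limits where Basic credentials are accepted and is not itself a trust decision. The function body continues past the end of the hunk.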
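Review bot: In `PhpSession::refreshId()` the result of `session_regenerate_id()` is still discarded, so a failed rotation leaves the previous session ID in use while `hasBeenTouched` is set as if the refresh had succeeded. If this method is what rotates the ID after a privilege change (presumably its purpose as a session-fixation defence), the failure should be logged or raised, e.g. `if ($this->exists() && ! session_regenerate_id()) { /* log or throw */ }`. The new guard also needs a why-comment such as `// No existing session to rotate; open() has just issued a fresh ID`, to be confirmed against what `exists()` actually checks, since that is not visible in this hunk. Called without its `delete_old_session` argument, `session_regenerate_id()` leaves the old session data on the server until garbage collection, which is worth stating in the method's docblock.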