diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 1724ae9dd42..90e173ec168 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -243,12 +243,12 @@ $prefix = dol_getprefix(''); // This uses the $conf file
 $sessionname = 'DOLSESSID_'.$prefix;
 $sessiontimeout = 'DOLSESSTIMEOUT_'.$prefix;
 if (!empty($_COOKIE[$sessiontimeout])) ini_set('session.gc_maxlifetime', $_COOKIE[$sessiontimeout]);
-session_set_cookie_params(0, '/', null, (empty($dolibarr_main_force_https) ? false : true), true); // Add tag secure and httponly on session cookie (same as setting session.cookie_httponly into php.ini). Must be called before the session_start.
-session_name($sessionname);
 // This create lock, released by session_write_close() or end of page.
 // We need this lock as long as we read/write $_SESSION ['vars']. We can remove lock when finished.
 if (!defined('NOSESSION'))
 {
+ session_set_cookie_params(0, '/', null, (empty($dolibarr_main_force_https) ? false : true), true); // Add tag secure and httponly on session cookie (same as setting session.cookie_httponly into php.ini). Must be called before the session_start.
+ session_name($sessionname);
 session_start();
 }
diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php
index 008a2dcafd1..f6eb7783c4f 100644
--- a/test/phpunit/SecurityTest.php
+++ b/test/phpunit/SecurityTest.php
@@ -34,6 +34,7 @@ if (! defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no
 if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php
 if (! defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1');
 if (! defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session)
+if (! defined("NOSESSION")) define("NOSESSION", '1');
 require_once dirname(__FILE__).'/../../htdocs/main.inc.php';
 require_once dirname(__FILE__).'/../../htdocs/core/lib/security.lib.php';
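Review bot: The `ini_set('session.gc_maxlifetime', $_COOKIE[$sessiontimeout])` line just above the moved calls stays outside the new `NOSESSION` guard and still takes its value straight from a request cookie, so an unvalidated, client-chosen string sets the session garbage-collection lifetime. Now that the rest of the session setup sits inside the guard, this call belongs there as well, with the value cast and range-checked, for example `$t = (int) $_COOKIE[$sessiontimeout]; if ($t > 0) ini_set('session.gc_maxlifetime', (string) $t);`. Capping it at the server-side configured timeout would be better still, but that setting is not visible in this hunk, so where the cap comes from needs confirming. Separately, the moved `session_set_cookie_params` call sets the Secure flag only when `$dolibarr_main_force_https` is non-empty, so a deployment served over HTTPS without that setting would presumably issue the session cookie without Secure.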
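Review bot: The added `NOSESSION` define carries no comment explaining why the security test skips session start, unlike the `NOLOGIN` and `NOREQUIREHTML` lines beside it. A trailing comment such as `// Do not start a PHP session when main.inc.php is loaded by the test runner` would record the intent; the exact reason is presumed here and should be confirmed by the author. With this define in place, the `session_set_cookie_params`/`session_name`/`session_start` block in main.inc.php is skipped for this test file. That means the httponly and secure cookie settings are no longer exercised by SecurityTest, and any test in it that reads `$_SESSION` runs without a started session.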