diff --git a/pkg/api/http_server.go b/pkg/api/http_server.go
index d4b8d8777c4..7b7c1478a4c 100644
--- a/pkg/api/http_server.go
+++ b/pkg/api/http_server.go
@@ -65,6 +65,8 @@ func (hs *HTTPServer) Init() error {
 	hs.macaron = hs.newMacaron()
 	hs.registerRoutes()
 
+	session.Init(&setting.SessionOptions, setting.SessionConnMaxLifetime)
+
 	return nil
 }
 
@@ -225,7 +227,6 @@ func (hs *HTTPServer) addMiddlewaresAndStaticRoutes() {
 	m.Use(hs.metricsEndpoint)
 	m.Use(middleware.GetContextHandler(hs.AuthTokenService))
 	m.Use(middleware.OrgRedirect())
-	session.Init(&setting.SessionOptions, setting.SessionConnMaxLifetime)
 
 	// needs to be after context handler
 	if setting.EnforceDomain {
diff --git a/pkg/middleware/auth_proxy.go b/pkg/middleware/auth_proxy.go
index c5be1f32a09..93ee577e3c6 100644
--- a/pkg/middleware/auth_proxy.go
+++ b/pkg/middleware/auth_proxy.go
@@ -42,6 +42,12 @@ func initContextWithAuthProxy(ctx *m.ReqContext, orgID int64) bool {
 		return false
 	}
 
+	defer func() {
+		if err := ctx.Session.Release(); err != nil {
+			ctx.Logger.Error("failed to save session data", "error", err)
+		}
+	}()
+
 	query := &m.GetSignedInUserQuery{OrgId: orgID}
 
 	// if this session has already been authenticated by authProxy just load the user
@@ -163,10 +169,6 @@ func initContextWithAuthProxy(ctx *m.ReqContext, orgID int64) bool {
 	ctx.IsSignedIn = true
 	ctx.Session.Set(session.SESS_KEY_USERID, ctx.UserId)
 
-	if err := ctx.Session.Release(); err != nil {
-		ctx.Logger.Error("failed to save session data", "error", err)
-	}
-
 	return true
 }