diff --git a/server/src/com/cloud/api/ApiServlet.java b/server/src/com/cloud/api/ApiServlet.java
index e30a6ca2ba2..4322154a947 100644
--- a/server/src/com/cloud/api/ApiServlet.java
+++ b/server/src/com/cloud/api/ApiServlet.java
@@ -245,13 +245,7 @@ public class ApiServlet extends HttpServlet {
 userId = (Long)session.getAttribute("userid");
 final String account = (String) session.getAttribute("account");
 final Object accountObj = session.getAttribute("accountobj");
- final String sessionKey = (String) session.getAttribute(ApiConstants.SESSIONKEY);
- final String sessionKeyFromCookie = HttpUtils.findCookie(req.getCookies(), ApiConstants.SESSIONKEY);
- final String[] sessionKeyFromParams = (String[]) params.get(ApiConstants.SESSIONKEY);
- if ((sessionKey == null)
- || (sessionKeyFromParams == null && sessionKeyFromCookie == null)
- || (sessionKeyFromParams != null && !sessionKey.equals(sessionKeyFromParams[0]))
- || (sessionKeyFromCookie != null && !sessionKey.equals(sessionKeyFromCookie))) {
+ if (!HttpUtils.validateSessionKey(session, params, req.getCookies(), ApiConstants.SESSIONKEY)) {
 try {
 session.invalidate();
 } catch (final IllegalStateException ise) {
diff --git a/utils/src/com/cloud/utils/HttpUtils.java b/utils/src/com/cloud/utils/HttpUtils.java
index 6077c44da40..379b1170004 100644
--- a/utils/src/com/cloud/utils/HttpUtils.java
+++ b/utils/src/com/cloud/utils/HttpUtils.java
@@ -23,7 +23,9 @@ import org.apache.log4j.Logger;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 import java.io.IOException;
+import java.util.Map;
 public class HttpUtils {
@@ -89,4 +91,18 @@ public class HttpUtils {
 }
 }
 }
+
+ public static boolean validateSessionKey(final HttpSession session, final Map params, final Cookie[] cookies, final String sessionKeyString) {
+ final String sessionKey = (String) session.getAttribute(sessionKeyString);
+ final String sessionKeyFromCookie = HttpUtils.findCookie(cookies, sessionKeyString);
+ final String[] sessionKeyFromParams = (String[]) params.get(sessionKeyString);
+ if ((sessionKey == null)
+ || (sessionKeyFromParams == null && sessionKeyFromCookie == null)
+ || (sessionKeyFromParams != null && !sessionKey.equals(sessionKeyFromParams[0]))
+ || (sessionKeyFromCookie != null && !sessionKey.equals(sessionKeyFromCookie))) {
+ return false;
+ }
+ return true;
+ }
+
 }
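Review bot: The two comparisons in the new `validateSessionKey` use `String.equals`, which returns at the first differing character, so a client presenting candidate keys can in principle learn the mismatch position through response timing; since this value gates an authenticated session, compare with `MessageDigest.isEqual` on the UTF-8 bytes instead (this needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported, and the constant-time guarantee of `isEqual` holds only on Java 6u17 and later). The same condition indexes `sessionKeyFromParams[0]` without checking the array length, which throws `ArrayIndexOutOfBoundsException` rather than returning false if the raw `Map` ever holds an empty array for that key — I cannot tell from this diff whether the parameter map can produce one, so a length guard is cheap insurance. The method is public and has no Javadoc; add one stating the contract as the code implements it: returns false when the session has no stored key, when neither a request parameter nor a cookie carries one, or when any carrier that is present differs from the stored key. Note that a request carrying only the cookie still passes; if the parameter form is the one intended as the anti-CSRF token, that path is worth confirming separately, since the commit preserves it unchanged from `ApiServlet`.
```java
public static boolean validateSessionKey(final HttpSession session, final Map params, final Cookie[] cookies, final String sessionKeyString) {
    final String sessionKey = (String) session.getAttribute(sessionKeyString);
    final String sessionKeyFromCookie = HttpUtils.findCookie(cookies, sessionKeyString);
    final String[] sessionKeyFromParams = (String[]) params.get(sessionKeyString);
    if (sessionKey == null || (sessionKeyFromParams == null && sessionKeyFromCookie == null)) {
        return false;
    }
    // An empty parameter array carries no key; treat it as a mismatch instead of throwing.
    if (sessionKeyFromParams != null && (sessionKeyFromParams.length == 0 || !keysMatch(sessionKey, sessionKeyFromParams[0]))) {
        return false;
    }
    return sessionKeyFromCookie == null || keysMatch(sessionKey, sessionKeyFromCookie);
}

// Constant-time compare so the position of a mismatch is not observable through response timing.
private static boolean keysMatch(final String expected, final String candidate) {
    if (candidate == null) {
        return false;
    }
    return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), candidate.getBytes(StandardCharsets.UTF_8));
}
```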