diff --git a/modules/openid/lib/SessionStore.php b/modules/openid/lib/SessionStore.php
new file mode 100644
index 0000000000000000000000000000000000000000..a084d0919626819c0a505a9877f722425930f48f
--- /dev/null
+++ b/modules/openid/lib/SessionStore.php
@@ -0,0 +1,54 @@
+<?php
+
+/**
+ * Class which implements the openid session store logic.
+ *
+ * This class has the interface specified in the constructor of the
+ * Auth_OpenID_Consumer class.
+ *
+ * @package simpleSAMLphp
+ * @version $Id$
+ */
+class sspmod_openid_SessionStore {
+
+	/**
+	 * Retrieve a key from the session store.
+	 *
+	 * @param string $key  The key we should retrieve.
+	 * @return mixed  The value stored with the given key, or NULL if the key isn't found.
+	 */
+	public function get($key) {
+		assert('is_string($key)');
+
+		$session = SimpleSAML_Session::getInstance();
+		return $session->getData('openid.session', $key);
+	}
+
+
+	/**
+	 * Save a value to the session store under the given key.
+	 *
+	 * @param string $key  The key we should save.
+	 * @param mixed NULL $value  The value we should save.
+	 */
+	public function set($key, $value) {
+		assert('is_string($key)');
+
+		$session = SimpleSAML_Session::getInstance();
+		$session->setData('openid.session', $key, $value);
+	}
+
+
+	/**
+	 * Delete a key from the session store.
+	 *
+	 * @param string $key  The key we should delete.
+	 */
+	public function del($key) {
+		assert('is_string($key)');
+
+		$session = SimpleSAML_Session::getInstance();
+		$session->deleteData('openid.session', $key);
+	}
+
+}
diff --git a/modules/openid/www/consumer.php b/modules/openid/www/consumer.php
index 764f1fbf51623edb0de108e7fdc089c6612f92f3..c6b9392e2c0d42a85a937e8f5ca6fff8c44b585c 100644
--- a/modules/openid/www/consumer.php
+++ b/modules/openid/www/consumer.php
@@ -13,20 +13,6 @@ require_once('Auth/OpenID/SReg.php');
 require_once('Auth/OpenID/Server.php');
 require_once('Auth/OpenID/ServerRequest.php');
 
-/*
- * The OpenID library uses the $_SESSION variable, so we may need to
- * initialize the session.
- *
- * We first initialize the SimpleSAML_Session object, to allow its configuration to
- * take precedence. If the SimpleSAML_Session object doesn't use the PHP session, we
- * will initialize the PHP session with default settings.
- */
-SimpleSAML_Session::getInstance();
-if(session_id() === '') {
-	/* PHP session not initialized - start session. */
-	session_start();
-}
-
 $config = SimpleSAML_Configuration::getInstance();
 
 /* Find the authentication state. */
@@ -57,7 +43,8 @@ function displayError($message) {
 function getConsumer() {
 	global $state;
 	$store = new sspmod_openid_StateStore($state);
-	return new Auth_OpenID_Consumer($store);
+	$session = new sspmod_openid_SessionStore();
+	return new Auth_OpenID_Consumer($store, $session);
 }
 
 function getReturnTo() {