diff --git a/app/services/out_of_band_session_accessor.rb b/app/services/out_of_band_session_accessor.rb
index f06e3c9a472..dd2146ca100 100644
--- a/app/services/out_of_band_session_accessor.rb
+++ b/app/services/out_of_band_session_accessor.rb
@@ -28,7 +28,7 @@ def load_x509
 end
 def destroy
- session_store.send(:destroy_session_from_sid, session_uuid, drop: true)
+ session_store.send(:delete_session, {}, Rack::Session::SessionId.new(session_uuid), drop: true)
 end
 # @api private
@@ -60,13 +60,20 @@ def put(data, expiration = 5.minutes)
 'warden.user.user.session' => data.to_h,
 }
- session_store.
- send(:set_session, {}, session_uuid, session_data, expire_after: expiration.to_i)
+ session_store.send(
+ :write_session,
+ {},
+ Rack::Session::SessionId.new(session_uuid),
+ session_data,
+ expire_after: expiration.to_i,
+ )
 end
 # @return [Hash]
 def session_data
- @session_data ||= session_store.send(:load_session_from_redis, session_uuid) || {}
+ @session_data ||= session_store.send(
+ :find_session, {}, Rack::Session::SessionId.new(session_uuid)
+ ).last || {}
 end
 def session_store
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index 713df6f1ae8..26a20481647 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -9,6 +9,9 @@
 # cookie expires with browser close
 expire_after: nil,
+ write_fallback: true,
+ read_fallback: true,
+
 # Redis expires session after N minutes
 ttl: IdentityConfig.store.session_timeout_in_minutes.minutes,
diff --git a/spec/services/access_token_verifier_spec.rb b/spec/services/access_token_verifier_spec.rb
index ed134b39bf1..9e620cc8465 100644
--- a/spec/services/access_token_verifier_spec.rb
+++ b/spec/services/access_token_verifier_spec.rb
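Review bot: `destroy` now reaches the store's `delete_session` through `send` with an empty Hash standing in for the Rack request, and nothing records why; the same pattern appears for `write_session` and `find_session` in the `put`/`session_data` hunk of this file. If these are the private session hooks of `Rack::Session::Abstract::Persisted`, `send` is the only way to call them, but the empty Hash is safe only while none of the three hooks dereference the request (session options, env keys), and a gem upgrade that starts doing so would fail at runtime with `NoMethodError` rather than at boot. A short comment such as `# The store's find/write/delete hooks are private and never read the request; {} stands in for it` at the first call would make the coupling visible, and the accessor's spec should exercise all three calls so a gem bump surfaces the break. The enclosing class continues outside the hunk.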
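Review bot: The nil guard in `session_data` has moved: the old line tolerated `load_session_from_redis` returning nil, while the new line calls `.last` on whatever `find_session` returns before `|| {}` is reached, so a nil (or non-Array) return now raises `NoMethodError` instead of yielding `{}`. If the store's `find_session` always returns a `[sid, hash]` pair this is harmless, but that contract is not visible here; changing `).last || {}` to `)&.last || {}` keeps the earlier tolerance at no cost. It is also worth a one-line comment that the returned sid is discarded, so a lookup miss that hands back a fresh id has no effect on the accessor. `session_data` is complete within the hunk; `put` and `session_store` are cut at its edges.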
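Review bot: `write_fallback: true` and `read_fallback: true` are added to the session store options without a comment saying what they do or when they come out. If these are the redis-session-store migration switches for `Rack::Session::SessionId`, they keep every session readable and writable under the legacy public-id key, so the protection gained by keying Redis on the hashed private id is not in effect until both are switched off, and leaving them on indefinitely quietly preserves the old exposure. A comment such as `# TODO(session-id migration): remove once all live sessions are stored under SessionId#private_id (one session TTL after deploy)` together with a tracked follow-up would make the temporary nature explicit. The options hash this sits in starts and ends outside the hunk.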
@@ -7,7 +7,13 @@ subject(:verifier) { AccessTokenVerifier.new(http_authorization_header) }
 let(:http_authorization_header) { "Bearer #{access_token}" }
- let(:identity) { build(:service_provider_identity, access_token: SecureRandom.urlsafe_base64) }
+ let(:identity) do
+ build(
+ :service_provider_identity,
+ rails_session_id: '123',
+ access_token: SecureRandom.urlsafe_base64,
+ )
+ end
 describe '#submit' do
 let(:result) { verifier.submit }
diff --git a/spec/services/id_token_builder_spec.rb b/spec/services/id_token_builder_spec.rb
index 17b11420f10..e67521855c7 100644
--- a/spec/services/id_token_builder_spec.rb
+++ b/spec/services/id_token_builder_spec.rb
@@ -11,6 +11,7 @@
 nonce: SecureRandom.hex,
 uuid: SecureRandom.uuid,
 ial: 2,
+ rails_session_id: '123',
 # this is a known value from an example developer guide
 # https://www.pingidentity.com/content/developer/en/resources/openid-connect-developers-guide.html
 access_token: 'dNZX1hEZ9wBCzNL40Upu646bdzQA',