diff --git a/Phraseanet-production-client/dist/production.js b/Phraseanet-production-client/dist/production.js
index 783bf2dc36..1fb5b946c0 100644
--- a/Phraseanet-production-client/dist/production.js
+++ b/Phraseanet-production-client/dist/production.js
@@ -10112,7 +10112,6 @@ var workzone = function workzone(services) { }); (0, _jquery2.default)('#idFrameC').on('click', '.basket_refresher', function () { - console.log("======= CLINK ======"); return workzoneOptions.refresh('current'); }); activeBaskets();
diff --git a/Phraseanet-production-client/dist/production.min.js b/Phraseanet-production-client/dist/production.min.js
index 783bf2dc36..1fb5b946c0 100644
--- a/Phraseanet-production-client/dist/production.min.js
+++ b/Phraseanet-production-client/dist/production.min.js
@@ -10112,7 +10112,6 @@ var workzone = function workzone(services) { }); (0, _jquery2.default)('#idFrameC').on('click', '.basket_refresher', function () { - console.log("======= CLINK ======"); return workzoneOptions.refresh('current'); }); activeBaskets();
diff --git a/lib/Alchemy/Phrasea/Core/Event/Subscriber/SessionManagerSubscriber.php b/lib/Alchemy/Phrasea/Core/Event/Subscriber/SessionManagerSubscriber.php
index fa49f36e64..0c13698649 100644
--- a/lib/Alchemy/Phrasea/Core/Event/Subscriber/SessionManagerSubscriber.php
+++ b/lib/Alchemy/Phrasea/Core/Event/Subscriber/SessionManagerSubscriber.php
@@ -89,6 +89,14 @@ class SessionManagerSubscriber implements EventSubscriberInterface
 return;
 }
+ if(!is_null($h_usr_id = $request->headers->get('user-id'))) {
+ $a_usr_id = $this->app->getAuthenticator()->getUser()->getId();
+ if((int)$h_usr_id !== (int)$a_usr_id) {
+ $this->setDisconnectResponse($event);
+ return;
+ }
+ }
+ // ANY route can disconnect the user if idle duration is passed // /** @var Session $session */
diff --git a/resources/www/common/js/components/common.js b/resources/www/common/js/components/common.js
index 77b4329093..7364955399 100644
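Review bot: The added `user-id` comparison in `SessionManagerSubscriber` is skipped whenever the request carries no such header, and the header value is chosen by the client, so this block can only detect a stale page whose session now belongs to another user; it is not an authorization check and the code should say so. I would add above the `if` a comment such as `// client-sent hint only: detects a page rendered for another user; never rely on it for access control`. The block also calls `getUser()->getId()` without a null check; the guard that guarantees an authenticated user is presumably in the part of the method above this hunk, which is not visible here, so confirm it always runs first. The enclosing method starts and ends outside the hunk.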
--- a/resources/www/common/js/components/common.js
+++ b/resources/www/common/js/components/common.js
@@ -117,10 +117,18 @@ var commonModule = (function ($, p4) {
 /**
 * pool notifications on route /user/notifications
 *
+ * @param usr_id // the id of the user originally logged (immutable from twig)
 * @param update // bool to refresh the counter/dropdown
 * @param recurse // bool to re-run recursively (used by menubar)
 */
- function pollNotifications(update, recurse) {
+ function pollNotifications(usr_id, update, recurse) {
+ var headers = {
+ 'update-session': recurse ? '0' : '1' // polling should not maintain the session alive
+ // also : use lowercase as recomended / normalized
+ };
+ if(usr_id !== null) {
+ headers['user-id'] = usr_id;
+ }
 $.ajax({
 type: "GET",
 url: "/user/notifications/",
@@ -130,10 +138,7 @@ var commonModule = (function ($, p4) {
 'limit': 10,
 'what': 2, // 2 : only unread
 },
- headers: {
- 'update-session': '0' // polling should not maintain the session alive
- // also : use lowercase as recomended / normalized
- },
+ headers: headers,
 error: function (data) {
 if(data.getResponseHeader('x-phraseanet-end-session')) {
 self.location.replace(self.location.href); // refresh will redirect to login
@@ -141,7 +146,7 @@ var commonModule = (function ($, p4) {
 },
 timeout: function () {
 if(recurse) {
- window.setTimeout(function() { pollNotifications(update, recurse); }, 10000);
+ window.setTimeout(function() { pollNotifications(usr_id, update, recurse); }, 10000);
 }
 },
 success: function (data) {
@@ -150,7 +155,7 @@ var commonModule = (function ($, p4) {
 updateNotifications(data);
 }
 if(recurse) {
- window.setTimeout(function() { pollNotifications(update, recurse); }, 30000);
+ window.setTimeout(function() { pollNotifications(usr_id, update, recurse); }, 30000);
 }
 }
 })
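Review bot: Prepending `usr_id` to `pollNotifications` in the first hunk silently shifts the arguments of any caller that was not updated, and the guard `usr_id !== null` lets `undefined`, `true` or an empty string through as a `user-id` header; on the server side of this commit a value that does not cast to the logged-in id ends the session. Only the two call sites in this diff are visibly updated, so any other callers outside the diff need checking. I would tighten the guard to `if (usr_id != null && usr_id !== '') {` so that only a real id is sent. The comment kept on `'update-session'` also no longer matches the code, since a non-recursive call now sends `'1'`; something like `// '0' while polling so it does not keep the session alive, '1' for a one-shot call` would describe it.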
@@ -171,7 +176,7 @@ var commonModule = (function ($, p4) {
 },
 success: function () {
 // update the counter & dropdown
- pollNotifications(true, false); // true:update ; false : do not recurse
+ pollNotifications(null, true, false); // true:update ; false : do not recurse
 }
 });
 }
diff --git a/templates/web/common/menubar.html.twig b/templates/web/common/menubar.html.twig
index 54fa6a44fe..d8021de270 100644
--- a/templates/web/common/menubar.html.twig
+++ b/templates/web/common/menubar.html.twig
@@ -417,9 +417,9 @@ }); /**manage session and redirect to login page**/
-
+ var usr_id = '{{ app.getAuthenticator().user.getId }}';
 var module = '{{ module }}'; // start pooling recursively
- window.setTimeout( function() { commonModule.pollNotifications(module === 'prod', true); }, 2000);
+ window.setTimeout( function() { commonModule.pollNotifications(usr_id, module === 'prod', true); }, 2000);
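Review bot: The call `pollNotifications(null, true, false)` in the `@@ -171,7 +176,7 @@` hunk sends no `user-id` header, so the one request that now sets `update-session` to `'1'` is also the one the server cannot compare with the logged-in user. If the intent is to catch a page left open after another account signed in, this refresh would still run under the new session. Consider keeping the id from the first recursive call in a module-level variable and passing it here, and extend the trailing comment to `// null: no user-id check ; true:update ; false : do not recurse`. The enclosing function starts outside the hunk.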