diff --git a/keyserver/src/session/bots.js b/keyserver/src/session/bots.js
--- a/keyserver/src/session/bots.js
+++ b/keyserver/src/session/bots.js
@@ -28,6 +28,7 @@
     userID,
     cookieID: null,
     cookiePassword: null,
+    cookieHash: null,
     sessionID: null,
     sessionInfo: null,
     isScriptViewer: true,
diff --git a/keyserver/src/session/cookies.js b/keyserver/src/session/cookies.js
--- a/keyserver/src/session/cookies.js
+++ b/keyserver/src/session/cookies.js
@@ -125,9 +125,10 @@
     platformDetails = { platform: cookieRow.platform };
   }
   const deviceToken = cookieRow.device_token;
+  const cookieHash = cookieRow.hash;
 
   if (
-    !verifyCookieHash(cookiePassword, cookieRow.hash) ||
+    !verifyCookieHash(cookiePassword, cookieHash) ||
     cookieIsExpired(cookieRow.last_used)
   ) {
     return {
@@ -151,6 +152,7 @@
     cookieSource,
     cookieID,
     cookiePassword,
+    cookieHash,
     sessionIdentifierType: sessionParameterInfo.sessionIdentifierType,
     sessionID,
     sessionInfo,
@@ -213,9 +215,10 @@
     platformDetails = { platform: cookieRow.platform };
   }
   const deviceToken = cookieRow.device_token;
+  const cookieHash = cookieRow.hash;
 
   if (
-    !verifyCookieHash(cookiePassword, cookieRow.hash) ||
+    !verifyCookieHash(cookiePassword, cookieHash) ||
     cookieIsExpired(cookieRow.last_used)
   ) {
     return {
@@ -237,6 +240,7 @@
     cookieSource,
     cookieID,
     cookiePassword,
+    cookieHash,
     sessionIdentifierType: sessionParameterInfo.sessionIdentifierType,
     sessionID,
     sessionInfo,
@@ -638,6 +642,7 @@
     deviceToken,
     cookieID: id,
     cookiePassword,
+    cookieHash,
     sessionID: undefined,
     sessionInfo: null,
     cookieInsertedThisRequest: true,
@@ -705,6 +710,7 @@
     sessionID: undefined,
     sessionInfo: null,
     cookiePassword,
+    cookieHash,
     cookieInsertedThisRequest: true,
     isScriptViewer: false,
   };
diff --git a/keyserver/src/session/scripts.js b/keyserver/src/session/scripts.js
--- a/keyserver/src/session/scripts.js
+++ b/keyserver/src/session/scripts.js
@@ -15,6 +15,7 @@
     userID,
     cookieID: null,
     cookiePassword: null,
+    cookieHash: null,
     sessionID: null,
     sessionInfo: null,
     isScriptViewer: true,
diff --git a/keyserver/src/session/viewer.js b/keyserver/src/session/viewer.js
--- a/keyserver/src/session/viewer.js
+++ b/keyserver/src/session/viewer.js
@@ -23,6 +23,7 @@
   +cookieID: ?string,
   +cookieSource?: CookieSource,
   +cookiePassword: ?string,
+  +cookieHash: ?string,
   +cookieInsertedThisRequest?: boolean,
   +sessionIdentifierType?: SessionIdentifierType,
   +sessionID: ?string,
@@ -41,6 +42,7 @@
   +cookieSource?: CookieSource,
   +cookieID: string,
   +cookiePassword: ?string,
+  +cookieHash: ?string,
   +cookieInsertedThisRequest?: boolean,
   +sessionIdentifierType?: SessionIdentifierType,
   +sessionID: ?string,
@@ -209,6 +211,15 @@
     return cookiePassword;
   }
 
+  get cookieHash(): string {
+    const { cookieHash } = this.data;
+    invariant(
+      cookieHash !== null && cookieHash !== undefined,
+      'Viewer.cookieHash should be set',
+    );
+    return cookieHash;
+  }
+
   get sessionIdentifierType(): SessionIdentifierType {
     const { sessionIdentifierType } = this.data;
     invariant(