diff --git a/src/Control/Session.php b/src/Control/Session.php
index d8f4473b8..c734cbdb6 100644
--- a/src/Control/Session.php
+++ b/src/Control/Session.php
@@ -145,13 +145,9 @@ class Session
 *
 * @return string
 */
- protected function userAgent()
+ protected function userAgent($request)
 {
- if (isset($_SERVER['HTTP_USER_AGENT'])) {
- return $_SERVER['HTTP_USER_AGENT'];
- } else {
- return '';
- }
+ return $request->getHeader('User-Agent');
 }

 /**
@@ -180,7 +176,7 @@ class Session

 // Funny business detected!
 if (isset($this->data['HTTP_USER_AGENT'])) {
- if ($this->data['HTTP_USER_AGENT'] !== $this->userAgent()) {
+ if ($this->data['HTTP_USER_AGENT'] !== $this->userAgent($request)) {
 $this->clearAll();
 $this->destroy();
 $this->start($request);
@@ -468,9 +464,9 @@ class Session
 /**
 * Set user agent key
 */
- public function finalize()
+ public function finalize(HTTPRequest $request)
 {
- $this->set('HTTP_USER_AGENT', $this->userAgent());
+ $this->set('HTTP_USER_AGENT', $this->userAgent($request));
 }

 /**
@@ -480,7 +476,7 @@ class Session
 public function save(HTTPRequest $request)
 {
 if ($this->changedData) {
- $this->finalize();
+ $this->finalize($request);

 if (!$this->isStarted()) {
 $this->start($request);
diff --git a/src/Dev/SapphireTest.php b/src/Dev/SapphireTest.php
index e5604faf8..a8455bf3e 100644
--- a/src/Dev/SapphireTest.php
+++ b/src/Dev/SapphireTest.php
@@ -911,7 +911,7 @@ class SapphireTest extends PHPUnit_Framework_TestCase implements TestOnly
 // Custom application
 $app->execute($request, function (HTTPRequest $request) {
 // Start session and execute
- $request->getSession()->init();
+ $request->getSession()->init($request);

 // Invalidate classname spec since the test manifest will now pull out new subclasses for each internal class
 // (e.g. Member will now have various subclasses of DataObjects that implement TestOnly)
diff --git a/tests/php/Control/SessionTest.php b/tests/php/Control/SessionTest.php
index afdda1013..acc50c84a 100644
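Review bot: In `Session::userAgent()` (first hunk of src/Control/Session.php) the new body returns whatever `$request->getHeader('User-Agent')` yields, whereas the removed code returned `''` for a missing header and the docblock still promises `@return string`. If `getHeader()` returns null for an absent header (its body is not visible in this diff), `finalize()` stores null, the `isset($this->data['HTTP_USER_AGENT'])` guard in the second hunk is then false, and a session created without a User-Agent is never bound to one; a session saved by the old code with `''` would also be cleared on the next header-less request because `'' !== null`. Keeping the old contract is one line: `return (string) $request->getHeader('User-Agent');`. The parameter is also untyped while `finalize()` and `save()` declare `HTTPRequest $request`, so I would write `protected function userAgent(HTTPRequest $request)` and add `@param HTTPRequest $request` to this docblock and to the one on `finalize()`.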
--- a/tests/php/Control/SessionTest.php
+++ b/tests/php/Control/SessionTest.php
@@ -4,6 +4,7 @@ namespace SilverStripe\Control\Tests;

 use SilverStripe\Control\Session;
 use SilverStripe\Dev\SapphireTest;
+use SilverStripe\Control\HTTPRequest;

 /**
 * Tests to cover the {@link Session} class
@@ -107,20 +108,22 @@ class SessionTest extends SapphireTest
 public function testUserAgentLockout()
 {
 // Set a user agent
- $_SERVER['HTTP_USER_AGENT'] = 'Test Agent';
+ $req1 = new HTTPRequest('GET', '/');
+ $req1->setHeader('User-Agent', 'Test Agent');

 // Generate our session
 $s = new Session(array());
- $s->init();
+ $s->init($req1);
 $s->set('val', 123);
- $s->finalize();
+ $s->finalize($req1);

 // Change our UA
- $_SERVER['HTTP_USER_AGENT'] = 'Fake Agent';
+ $req2 = new HTTPRequest('GET', '/');
+ $req2->setHeader('User-Agent', 'Test Agent');

 // Verify the new session reset our values
 $s2 = new Session($s);
- $s2->init();
+ $s2->init($req2);
 $this->assertNotEquals($s2->get('val'), 123);
 }
 }
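Review bot: In `testUserAgentLockout()` the second request is built with the same value as the first, `$req2->setHeader('User-Agent', 'Test Agent');`, although the comment above it says "Change our UA" and the removed line used `'Fake Agent'`. As written the test no longer presents a different user agent to `init()`, so it cannot show that the mismatch branch in `Session` clears the stored data; it either fails or passes for an unrelated reason. The line should read `$req2->setHeader('User-Agent', 'Fake Agent');`. The assertion also has its arguments reversed, since PHPUnit takes the expected value first: `$this->assertNotEquals(123, $s2->get('val'));`.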