diff --git a/typo3/sysext/core/Classes/Session/Backend/RedisSessionBackend.php b/typo3/sysext/core/Classes/Session/Backend/RedisSessionBackend.php
index f7a14786b7d724c710c332042201acd7de1397c6..705b971953beeeecbb499816c4958ad2557fdcb9 100644
--- a/typo3/sysext/core/Classes/Session/Backend/RedisSessionBackend.php
+++ b/typo3/sysext/core/Classes/Session/Backend/RedisSessionBackend.php
@@ -217,7 +217,7 @@ class RedisSessionBackend implements SessionBackendInterface, HashableSessionBac
     {
         $hashedSessionId = $this->hash($sessionId);
         try {
-            $sessionData = array_merge($this->get($hashedSessionId), $sessionData);
+            $sessionData = array_merge($this->get($sessionId), $sessionData);
         } catch (SessionNotFoundException $e) {
             throw new SessionNotUpdatedException('Cannot update non-existing record', 1484389971, $e);
         }
diff --git a/typo3/sysext/core/Tests/Functional/Session/Backend/RedisSessionBackendTest.php b/typo3/sysext/core/Tests/Functional/Session/Backend/RedisSessionBackendTest.php
index 2549c3c2265a7dc442412a87903a92b10e868e63..3badaeb9db10cd9671110b8be967e939a4104cf1 100644
--- a/typo3/sysext/core/Tests/Functional/Session/Backend/RedisSessionBackendTest.php
+++ b/typo3/sysext/core/Tests/Functional/Session/Backend/RedisSessionBackendTest.php
@@ -35,6 +35,11 @@ class RedisSessionBackendTest extends FunctionalTestCase
      */
     protected $subject;
 
+    /**
+     * @var \Redis
+     */
+    protected $redis;
+
     /**
      * @var array
      */
@@ -67,11 +72,11 @@ class RedisSessionBackendTest extends FunctionalTestCase
         $env = getenv('typo3TestingRedisPort');
         $redisPort = is_string($env) ? (int)$env : 6379;
 
-        $redis = new \Redis();
-        $redis->connect($redisHost, $redisPort);
-        $redis->select(0);
+        $this->redis = new \Redis();
+        $this->redis->connect($redisHost, $redisPort);
+        $this->redis->select(0);
         // Clear db to ensure no sessions exist currently
-        $redis->flushDB();
+        $this->redis->flushDB();
 
         $this->subject = new RedisSessionBackend();
         $this->subject->initialize(
@@ -159,6 +164,31 @@ class RedisSessionBackendTest extends FunctionalTestCase
         self::assertSame($expectedMergedData, $fetchedRecord);
     }
 
+    /**
+     * @test
+     * @covers SessionBackendInterface::update
+     */
+    public function nonHashedSessionIdsAreUpdated()
+    {
+        $testSessionRecord = $this->testSessionRecord;
+        $testSessionRecord['ses_tstamp'] = 1;
+        // simulate old session record by directly inserting it into redis
+        $this->redis->set(
+            'typo3_ses_default_' . sha1($GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']) . '_randomSessionId',
+            json_encode($testSessionRecord),
+            ['nx']
+        );
+
+        $updateData = [
+            'ses_data' => serialize(['foo' => 'baz', 'idontwantto' => 'set the world on fire']),
+            'ses_tstamp' => $GLOBALS['EXEC_TIME']
+        ];
+        $expectedMergedData = array_merge($testSessionRecord, $updateData);
+        $this->subject->update('randomSessionId', $updateData);
+        $fetchedRecord = $this->subject->get('randomSessionId');
+        self::assertSame($expectedMergedData, $fetchedRecord);
+    }
+
     /**
      * @test
      * @covers SessionBackendInterface::set