diff --git a/app/main/views/choose_service.py b/app/main/views/choose_service.py
index 8a96f3524..427a9ee50 100644
--- a/app/main/views/choose_service.py
+++ b/app/main/views/choose_service.py
@@ -18,7 +18,7 @@ def choose_service():
 @main.route("/services-or-dashboard")
 def show_all_services_or_dashboard():
 
-    if not current_user.is_authenticated():
+    if not current_user.is_authenticated:
         return redirect(url_for('.index'))
 
     services = service_api_client.get_services({'user_id': current_user.id})['data']
diff --git a/app/main/views/index.py b/app/main/views/index.py
index 2c4b7135b..0aad99e2a 100644
--- a/app/main/views/index.py
+++ b/app/main/views/index.py
@@ -1,6 +1,6 @@
 import markdown
 import os
-from flask import (render_template, url_for, redirect, Markup, current_app, abort)
+from flask import (render_template, url_for, redirect, Markup)
 from app.main import main
 from flask_login import login_required
 
@@ -10,7 +10,7 @@ from mdx_gfm import GithubFlavoredMarkdownExtension
 
 @main.route('/')
 def index():
-    if current_user and current_user.is_authenticated():
+    if current_user and current_user.is_authenticated:
         return redirect(url_for('main.choose_service'))
     return render_template('views/signedout.html')
 
diff --git a/app/main/views/invites.py b/app/main/views/invites.py
index 2da6db406..b3909bfa7 100644
--- a/app/main/views/invites.py
+++ b/app/main/views/invites.py
@@ -24,7 +24,7 @@ def accept_invite(token):
 
     invited_user = invite_api_client.check_token(token)
 
-    if not current_user.is_anonymous() and current_user.email_address != invited_user.email_address:
+    if not current_user.is_anonymous and current_user.email_address != invited_user.email_address:
         message = Markup("""
             You’re signed in as {}.
             This invite is for another email address.
diff --git a/app/main/views/register.py b/app/main/views/register.py
index 9a0f4c816..2e5fdcaf9 100644
--- a/app/main/views/register.py
+++ b/app/main/views/register.py
@@ -26,7 +26,7 @@ from app import user_api_client
 
 @main.route('/register', methods=['GET', 'POST'])
 def register():
-    if current_user and current_user.is_authenticated():
+    if current_user and current_user.is_authenticated:
         return redirect(url_for('main.choose_service'))
 
     form = RegisterUserForm()
diff --git a/app/main/views/sign_in.py b/app/main/views/sign_in.py
index e7b7b466e..d64becc9d 100644
--- a/app/main/views/sign_in.py
+++ b/app/main/views/sign_in.py
@@ -29,7 +29,7 @@ from app.main.forms import LoginForm
 @main.route('/sign-in', methods=(['GET', 'POST']))
 def sign_in():
 
-    if current_user and current_user.is_authenticated():
+    if current_user and current_user.is_authenticated:
         return redirect(url_for('main.choose_service'))
 
     form = LoginForm()
@@ -52,9 +52,10 @@ def sign_in():
         if user:
             # Remember me login
             if not login_fresh() and \
-               not current_user.is_anonymous() and \
+               not current_user.is_anonymous and \
                current_user.id == user.id and \
-               user.is_active():
+               user.is_active:
+
                 confirm_login()
                 services = service_api_client.get_services({'user_id': str(user.id)}).get('data', [])
                 if (len(services) == 1):
@@ -63,7 +64,7 @@ def sign_in():
                     return redirect(url_for('main.choose_service'))
 
             session['user_details'] = {"email": user.email_address, "id": user.id}
-            if user.is_active():
+            if user.is_active:
                 user_api_client.send_verify_code(user.id, 'sms', user.mobile_number)
                 if request.args.get('next'):
                     return redirect(url_for('.two_factor', next=request.args.get('next')))
diff --git a/app/main/views/verify.py b/app/main/views/verify.py
index e4929d4d6..71ee28ee0 100644
--- a/app/main/views/verify.py
+++ b/app/main/views/verify.py
@@ -59,7 +59,7 @@ def verify_email(token):
         if not user:
             abort(404)
 
-        if user.is_active():
+        if user.is_active:
             flash("That verification link has expired.")
             return redirect(url_for('main.sign_in'))
 
diff --git a/app/notify_client/models.py b/app/notify_client/models.py
index b4e0e7143..e1a93b470 100644
--- a/app/notify_client/models.py
+++ b/app/notify_client/models.py
@@ -17,14 +17,16 @@ class User(UserMixin):
     def get_id(self):
         return self.id
 
+    @property
     def is_active(self):
         return self.state == 'active'
 
+    @property
     def is_authenticated(self):
         # To handle remember me token renewal
         if not login_fresh():
             return False
-        return super(User, self).is_authenticated()
+        return super(User, self).is_authenticated
 
     @property
     def id(self):
diff --git a/app/templates/admin_template.html b/app/templates/admin_template.html
index 9a4fd53ae..0c84a250e 100644
--- a/app/templates/admin_template.html
+++ b/app/templates/admin_template.html
@@ -39,7 +39,7 @@
       <a href="#proposition-links" class="js-header-toggle menu">Menu</a>
       <nav id="proposition-menu">
         <ul id="proposition-links">
-          {% if current_user.is_authenticated() %}
+          {% if current_user.is_authenticated %}
             <li>
               <a href="{{ url_for('main.user_profile') }}">{{ current_user.name }}</a>
             </li>
diff --git a/config.py b/config.py
index 994b88a1a..dec0534c8 100644
--- a/config.py
+++ b/config.py
@@ -23,13 +23,11 @@ class Config(object):
     REMEMBER_COOKIE_DURATION = timedelta(days=1)
     REMEMBER_COOKIE_HTTPONLY = True
     REMEMBER_COOKIE_NAME = 'notify_admin_remember_me'
-    REMEMBER_COOKIE_PATH = '/admin'
     REMEMBER_COOKIE_SECURE = True
     SECRET_KEY = os.environ['SECRET_KEY']
     SEND_FILE_MAX_AGE_DEFAULT = 365 * 24 * 60 * 60  # 1 year
     SESSION_COOKIE_HTTPONLY = True
     SESSION_COOKIE_NAME = 'notify_admin_session'
-    SESSION_COOKIE_PATH = '/admin'
     SESSION_COOKIE_SECURE = True
     SESSION_REFRESH_EACH_REQUEST = True
     SHOW_STYLEGUIDE = True
@@ -60,6 +58,7 @@ class Development(Config):
     REMEMBER_COOKIE_SECURE = False
     SESSION_COOKIE_SECURE = False
     WTF_CSRF_ENABLED = False
+    SESSION_PROTECTION = None
     CSV_UPLOAD_BUCKET_NAME = 'development-notifications-csv-upload'
 
 
diff --git a/requirements.txt b/requirements.txt
index 38dc7338d..e13d6cda5 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,7 +1,7 @@
 Flask==0.10.1
 Flask-Script==2.0.5
 Flask-WTF==0.11
-Flask-Login==0.2.11
+Flask-Login==0.3.2
 credstash==1.8.0
 boto3==1.3.0
 Pygments==2.0.2
diff --git a/tests/app/main/views/test_sign_in.py b/tests/app/main/views/test_sign_in.py
index 4c504c59f..745f0d419 100644
--- a/tests/app/main/views/test_sign_in.py
+++ b/tests/app/main/views/test_sign_in.py
@@ -14,15 +14,12 @@ def test_render_sign_in_returns_sign_in_template(app_):
 
 def test_logged_in_user_redirects_to_choose_service(app_,
                                                     api_user_active,
-                                                    mock_get_user_by_email,
-                                                    mock_login):
+                                                    mock_get_user):
+
     with app_.test_request_context():
         with app_.test_client() as client:
             client.login(api_user_active)
             response = client.get(url_for('main.sign_in'))
-            assert response.status_code == 302
-
-            response = client.get(url_for('main.sign_in', follow_redirects=True))
             assert response.location == url_for('main.choose_service', _external=True)