diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 814adba801b4bb05a5f65d3fd79ee09a5b309e07..ce78b018317e21f881589f0aa53235afcc2c8965 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,4 +1,8 @@
 
+Drupal 6.34, 2014-11-19
+----------------------
+- Fixed security issues (session hijacking). See SA-CORE-2014-006.
+
 Drupal 6.33, 2014-08-06
 ----------------------
 - Fixed security issues (denial of service). See SA-CORE-2014-004.
diff --git a/includes/session.inc b/includes/session.inc
index 9f671b3a5a3286a3ae729243795ede523fdee994..540b8d973b49cf5e78a2c1e7673e13239ed6a183 100644
--- a/includes/session.inc
+++ b/includes/session.inc
@@ -41,7 +41,7 @@ function sess_read($key) {
   register_shutdown_function('session_write_close');
 
   // Handle the case of first time visitors and clients that don't store cookies (eg. web crawlers).
-  if (!isset($_COOKIE[session_name()])) {
+  if (empty($key) || !isset($_COOKIE[session_name()])) {
     $user = drupal_anonymous_user();
     return '';
   }
diff --git a/modules/system/system.module b/modules/system/system.module
index 9e852c21fb377d47346d8d7c8c52b4e6a7971020..4f61ce1dceb2f8b4c8506902d01e83f289f57e74 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -8,7 +8,7 @@
 /**
  * The current system version.
  */
-define('VERSION', '6.33');
+define('VERSION', '6.34');
 
 /**
  * Core API compatibility.