diff --git a/DataStorage/Session/HttpSession.php b/DataStorage/Session/HttpSession.php
index 1514d4c03..6134baebe 100644
--- a/DataStorage/Session/HttpSession.php
+++ b/DataStorage/Session/HttpSession.php
@@ -85,8 +85,6 @@ class HttpSession implements SessionInterface
 
         $this->sid = session_id();
         $this->setCsrfProtection();
-
-        self::$isLocked = true;
     }
 
     /**
@@ -135,7 +133,7 @@ class HttpSession implements SessionInterface
      * @since  1.0.0
      * @author Dennis Eichhorn <d.eichhorn@oms.com>
      */
-    public static function lock()
+    public function lock()
     {
         self::$isLocked = true;
     }
@@ -158,7 +156,10 @@ class HttpSession implements SessionInterface
      */
     public function save()
     {
-
+        if(!self::$isLocked) {
+            $_SESSION = $this->sessionData;
+            session_write_close();
+        }
     }
 
     /**
@@ -199,10 +200,7 @@ class HttpSession implements SessionInterface
      */
     public function __destruct()
     {
-        if(!self::$isLocked) {
-            $_SESSION = $this->sessionData;
-            session_write_close();
-        }
+        $this->save();
     }
 
 }
diff --git a/Message/HeaderAbstract.php b/Message/HeaderAbstract.php
index 27683905a..650206aab 100644
--- a/Message/HeaderAbstract.php
+++ b/Message/HeaderAbstract.php
@@ -93,8 +93,7 @@ abstract class HeaderAbstract
      */
     public static function lock()
     {
-        CookieJar::lock();
-        HttpSession::lock();
+        // todo: maybe pass session as member and make lock not static
         self::$isLocked = true;
     }