diff --git a/lib/lastpass/fetcher.rb b/lib/lastpass/fetcher.rb
index ae6146d..04d1854 100644
--- a/lib/lastpass/fetcher.rb
+++ b/lib/lastpass/fetcher.rb
@@ -10,7 +10,7 @@ def self.login username, password, multifactor_password = nil, client_id = nil
 
         def self.logout session, web_client = http
             response = web_client.get "https://lastpass.com/logout.php?method=cli&noredirect=1",
-                                      cookies: {"PHPSESSID" => URI.encode(session.id)}
+                                      cookies: {"PHPSESSID" => URI.encode_www_form_component(session.id)}
 
             raise NetworkError unless response.response.is_a? Net::HTTPOK
         end
@@ -18,7 +18,7 @@ def self.logout session, web_client = http
         def self.fetch session, web_client = http
             response = web_client.get "https://lastpass.com/getaccts.php?mobile=1&b64=1&hash=0.0&hasplugin=3.0.23&requestsrc=cli",
                                       format: :plain,
-                                      cookies: {"PHPSESSID" => URI.encode(session.id)}
+                                      cookies: {"PHPSESSID" => URI.encode_www_form_component(session.id)}
 
             raise NetworkError unless response.response.is_a? Net::HTTPOK
 
diff --git a/spec/fetcher_spec.rb b/spec/fetcher_spec.rb
index a908ac4..ee86fde 100644
--- a/spec/fetcher_spec.rb
+++ b/spec/fetcher_spec.rb
@@ -10,6 +10,7 @@
 
     let(:hash) { "7880a04588cfab954aa1a2da98fd9c0d2c6eba4c53e36a94510e6dbf30759256" }
     let(:session_id) { "53ru,Hb713QnEVM5zWZ16jMvxS0" }
+    let(:escaped_session_id) { "53ru%2CHb713QnEVM5zWZ16jMvxS0" }
     let(:session) { LastPass::Session.new session_id, key_iteration_count, "DEADBEEF" }
 
     let(:blob_response) { "TFBBVgAAAAMxMjJQUkVNAAAACjE0MTQ5" }
@@ -36,7 +37,7 @@
         it "makes a GET request" do
             web_client = double "web_client"
             expect(web_client).to receive(:get)
-                .with("https://lastpass.com/logout.php?method=cli&noredirect=1", cookies: {"PHPSESSID" => session_id})
+                .with("https://lastpass.com/logout.php?method=cli&noredirect=1", cookies: {"PHPSESSID" => escaped_session_id})
                 .and_return(http_ok "")
             LastPass::Fetcher.logout session, web_client
         end
@@ -199,7 +200,7 @@ def verify_post_request multifactor_password, device_id, post_data
             expect(web_client = double("web_client")).to receive(:get)
                 .with("https://lastpass.com/getaccts.php?mobile=1&b64=1&hash=0.0&hasplugin=3.0.23&requestsrc=cli",
                       format: :plain,
-                      cookies: {"PHPSESSID" => session_id})
+                      cookies: {"PHPSESSID" => escaped_session_id})
                 .and_return(http_ok(blob_response))
 
             LastPass::Fetcher.fetch session, web_client