diff --git a/app/controllers/epp/sessions_controller.rb b/app/controllers/epp/sessions_controller.rb
index 58a314410..1396a5b35 100644
--- a/app/controllers/epp/sessions_controller.rb
+++ b/app/controllers/epp/sessions_controller.rb
@@ -27,7 +27,7 @@ class Epp::SessionsController < EppController
       end
     end
 
-    if !webclient_request && @api_user
+    if !Rails.env.development? && (!webclient_request && @api_user)
       unless @api_user.api_pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'], request.env['HTTP_SSL_CLIENT_S_DN_CN'])
         epp_errors << {
           msg: 'Authentication error; server closing connection (certificate is not valid)',
diff --git a/app/controllers/epp_controller.rb b/app/controllers/epp_controller.rb
index c4e5f661b..4f84f7284 100644
--- a/app/controllers/epp_controller.rb
+++ b/app/controllers/epp_controller.rb
@@ -97,7 +97,7 @@ class EppController < ApplicationController
     e_s = epp_session
     return if e_s.new_record?
 
-    if e_s.updated_at < Time.zone.now - 5.minutes
+    if !Rails.env.development? && (e_s.updated_at < Time.zone.now - 5.minutes)
       @api_user = current_user # cache current_user for logging
       e_s.destroy
       response.headers['X-EPP-Returncode'] = '1500'