diff --git a/ajax/controller.php b/ajax/controller.php
index 09a9f7ff..a6d0dde5 100644
--- a/ajax/controller.php
+++ b/ajax/controller.php
@@ -106,11 +106,12 @@ class Controller {
 	 */
 	public static function save(){
 		$uid = self::preDispatch();
-		$esId = @$_POST['es_id'];
-		$memberId = @$_POST['member_id'];
-		$content = @$_POST['content'];
-		if ($esId && $content){
-			$session = Session::getSession($esId);
+		$sessionID = @$_SERVER['HTTP_WEBODF_SESSION_ID'];
+		$memberId = @$_SERVER['HTTP_WEBODF_MEMBER_ID'];
+		$sessionRevision = @$_SERVER['HTTP_WEBODF_SESSION_REVISION'];
+		$content = fopen('php://input','r');
+		if ($sessionID && $content){
+			$session = Session::getSession($sessionID);
 			$fileInfo = \OC\Files\Cache\Cache::getById($session['file_id']);
 			$path = $fileInfo[1];
 			$view = new \OC\Files\View('/' . $session['owner']);
diff --git a/js/editor/server/pullbox/Server.js b/js/editor/server/pullbox/Server.js
index 77bca4ff..418716d1 100644
--- a/js/editor/server/pullbox/Server.js
+++ b/js/editor/server/pullbox/Server.js
@@ -266,6 +266,7 @@ runtime.log("Sending message to server: "+messageString);
 
             // do the request
             xhr.open('POST', args.sessionStateToFileUrl, true);
+            xhr.setRequestHeader("requesttoken", oc_requesttoken);
             xhr.setRequestHeader("webodf-session-id", sessionId);
             xhr.setRequestHeader("webodf-member-id", memberId);
             xhr.setRequestHeader("webodf-session-revision", seqHead);