diff --git a/CHANGES b/CHANGES
index 21f345bd2..b18852065 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,13 @@
 
                                   Changelog
 
+Daniel Stenberg (28 Aug 2008)
+- Dengminwen reported that libcurl would lock a (cookie) share twice (without
+  an unlock in between) for a certain case and that in fact works when using
+  regular windows mutexes but not with pthreads'! Locks should of course not
+  get locked again so this is now fixed.
+  http://curl.haxx.se/mail/lib-2008-08/0422.html
+
 Daniel Fandrich (27 Aug 2008)
 - Fixed test case 1065 by changing the handling of CURLOPT_UPLOAD to set
   the HTTP method to GET (or HEAD) when given a value of 0.
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index cfdb11979..bee89a069 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -59,6 +59,7 @@ This release includes the following bugfixes:
  o error when --dump-header - used with more than one URL
  o proxy closing connect during CONNECT with auth with the multi interface
  o CURLOPT_UPLOAD sets HTTP method back to GET or HEAD when passed in a 0
+ o shared cookies could get locked twice
 
 This release includes the following known bugs:
 
diff --git a/lib/url.c b/lib/url.c
index a70b471b2..da757a377 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -346,14 +346,16 @@ CURLcode Curl_dupset(struct SessionHandle * dst, struct SessionHandle * src)
 #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
 static void flush_cookies(struct SessionHandle *data, int cleanup)
 {
-  Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
   if(data->set.str[STRING_COOKIEJAR]) {
     if(data->change.cookielist) {
       /* If there is a list of cookie files to read, do it first so that
-         we have all the told files read before we write the new jar */
+         we have all the told files read before we write the new jar.
+         Curl_cookie_loadfiles() LOCKS and UNLOCKS the share itself! */
       Curl_cookie_loadfiles(data);
     }
 
+    Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
+
     /* if we have a destination file for all the cookies to get dumped to */
     if(Curl_cookie_output(data->cookies, data->set.str[STRING_COOKIEJAR]))
       infof(data, "WARNING: failed to save cookies in %s\n",
@@ -364,6 +366,7 @@ static void flush_cookies(struct SessionHandle *data, int cleanup)
       /* since nothing is written, we can just free the list of cookie file
          names */
       curl_slist_free_all(data->change.cookielist); /* clean up list */
+    Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
   }
 
   if(cleanup && (!data->share || (data->cookies != data->share->cookies))) {