diff --git a/controllers/login.go b/controllers/login.go
index 0eb9761..b7e438b 100644
--- a/controllers/login.go
+++ b/controllers/login.go
@@ -45,9 +45,6 @@ func LoginForm(c *fiber.Ctx) error {
 		}
 
 		if helpers.CheckPasswordHash(password, user.Password) {
-			sess.Set("userid", user.ID)
-			sess.Save()
-
 			redirectId := c.Query("redirect")
 			redirectUrl := "/"
 
@@ -60,6 +57,9 @@ func LoginForm(c *fiber.Ctx) error {
 				}
 			}
 
+			sess.Set("userid", user.ID)
+			sess.Save()
+
 			return c.Redirect(redirectUrl)
 		} else {
 			loginError = "Email ou mot de passe incorrect"
diff --git a/controllers/mfa.go b/controllers/mfa.go
index e366910..a5c0124 100644
--- a/controllers/mfa.go
+++ b/controllers/mfa.go
@@ -163,12 +163,6 @@ func TotpVerifyPage(c *fiber.Ctx) error {
 	if c.Method() == "POST" {
 		otp := c.FormValue("otp")
 		if totp.Validate(otp, user.TotpSercet.String) {
-			sess.Set("totp-verified", "yes")
-			err = sess.Save()
-			if err != nil {
-				return err
-			}
-
 			redirectId := c.Query("redirect")
 			redirectUrl := "/"
 
@@ -181,6 +175,9 @@ func TotpVerifyPage(c *fiber.Ctx) error {
 				}
 			}
 
+			sess.Set("totp-verified", "yes")
+			sess.Save()
+
 			return c.Redirect(redirectUrl)
 		} else {
 			mfaError = "Code temporaire invalide"