diff --git a/object/mfa_sms.go b/object/mfa_sms.go
index 8d7f7e57..6da1a725 100644
--- a/object/mfa_sms.go
+++ b/object/mfa_sms.go
@@ -35,10 +35,7 @@ type SmsMfa struct {
 func (mfa *SmsMfa) Initiate(ctx *context.Context, userId string) (*MfaProps, error) {
 	recoveryCode := uuid.NewString()
 
-	err := ctx.Input.CruSession.Set(MfaRecoveryCodesSession, []string{recoveryCode})
-	if err != nil {
-		return nil, err
-	}
+	ctx.Output.Session(MfaRecoveryCodesSession, []string{recoveryCode})
 
 	mfaProps := MfaProps{
 		MfaType:       mfa.Config.MfaType,
diff --git a/object/mfa_totp.go b/object/mfa_totp.go
index a26f079b..0eed4a02 100644
--- a/object/mfa_totp.go
+++ b/object/mfa_totp.go
@@ -55,16 +55,10 @@ func (mfa *TotpMfa) Initiate(ctx *context.Context, userId string) (*MfaProps, er
 		return nil, err
 	}
 
-	err = ctx.Input.CruSession.Set(MfaTotpSecretSession, key.Secret())
-	if err != nil {
-		return nil, err
-	}
+	ctx.Output.Session(MfaTotpSecretSession, key.Secret())
 
 	recoveryCode := uuid.NewString()
-	err = ctx.Input.CruSession.Set(MfaRecoveryCodesSession, []string{recoveryCode})
-	if err != nil {
-		return nil, err
-	}
+	ctx.Output.Session(MfaRecoveryCodesSession, []string{recoveryCode})
 
 	mfaProps := MfaProps{
 		MfaType:       mfa.Config.MfaType,
diff --git a/web/src/App.js b/web/src/App.js
index 65355c32..d0625989 100644
--- a/web/src/App.js
+++ b/web/src/App.js
@@ -735,7 +735,9 @@ class App extends Component {
                   account={this.state.account}
                   theme={this.state.themeData}
                   onLoginSuccess={(redirectUrl) => {
-                    localStorage.setItem("mfaRedirectUrl", redirectUrl);
+                    if (redirectUrl) {
+                      localStorage.setItem("mfaRedirectUrl", redirectUrl);
+                    }
                     this.getAccount();
                   }}
                   onUpdateAccount={(account) => this.onUpdateAccount(account)}