diff --git a/backend/src/api/auth.rs b/backend/src/api/auth.rs
index 78ddd4e..71d3f2c 100644
--- a/backend/src/api/auth.rs
+++ b/backend/src/api/auth.rs
@@ -357,12 +357,17 @@ async fn login_post(
 println!("Post-Cookie: {} = {}", cookie.name(), cookie.value());
 }
+ let login_cookie = cookies
+ .get_private(LOGIN_COOKIE)
+ .and_then(|cookie| serde_json::from_str::(cookie.value()).ok())
+ .ok_or_else(|| AuthError::MissingLoginCookie(String::from("Unknown login session")))?;
+ cookies.remove_private(Cookie::named(LOGIN_COOKIE));
 if state != login_cookie.csrf_state {
 return Err(AuthError::CsrfMissmatch(String::from(
 "Possible Cross Site Request Forgery attack detected",
 )));
- }
+ }st
 let token_result = oauth
 .exchange_code(AuthorizationCode::new(code))
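Review bot: The replacement closing brace on the new side reads `}st`, which leaves a stray identifier between the `if` block and `let token_result` and will not compile; it should be `}`. The new cookie lookup also discards the reason a private cookie fails to deserialize via `.ok()`, so a tampered or stale cookie and a genuinely absent one both surface as `MissingLoginCookie("Unknown login session")`; logging the `serde_json` error at debug level before mapping it would make incident triage easier without changing the response. The unchanged `println!` in the context lines above still writes every cookie name and value to stdout, which now includes the private login cookie carrying the CSRF state, so it is worth removing before this ships. The empty type argument in `serde_json::from_str::(...)` looks like a page-rendering artifact rather than a defect in the source, but the line will not compile if it is really empty. `login_post` begins before and continues after this hunk.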