diff --git a/data/web/oauth/authorize.php b/data/web/oauth/authorize.php
index 9c0d9814..48e99b0c 100644
--- a/data/web/oauth/authorize.php
+++ b/data/web/oauth/authorize.php
@@ -60,6 +60,10 @@ $is_authorized = ($_POST['authorized'] == '1');
 $oauth2_server->handleAuthorizeRequest($request, $response, $is_authorized, $_SESSION['mailcow_cc_username']);
 if ($is_authorized) {
 unset($_SESSION['oauth2_request']);
+ if ($GLOBALS['OAUTH2_FORGET_SESSION_AFTER_LOGIN'] === true) {
+ session_unset();
+ session_destroy();
+ }
 header('Location: ' . $response->getHttpHeader('Location'));
 exit;
 }
diff --git a/data/web/oauth/profile.php b/data/web/oauth/profile.php
index ff22e4d5..3628e58b 100644
--- a/data/web/oauth/profile.php
+++ b/data/web/oauth/profile.php
@@ -22,16 +22,8 @@ if (!empty($mailbox)) {
 'modified' => (!empty($mailbox['modified']) ? $mailbox['modified'] : ''),
 'active' => (!empty($mailbox['active']) ? $mailbox['active'] : ''),
 ));
- if ($GLOBALS['OAUTH2_FORGET_SESSION_AFTER_LOGIN'] === true) {
- session_unset();
- session_destroy();
- }
 exit;
 }
- if ($GLOBALS['OAUTH2_FORGET_SESSION_AFTER_LOGIN'] === true) {
- session_unset();
- session_destroy();
- }
 }
 echo json_encode(array(
 'success' => false
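Review bot: The added `session_unset(); session_destroy();` block in authorize.php clears the server-side session data but leaves the session cookie in the browser, so the same session ID is presented again on the next request. If OAUTH2_FORGET_SESSION_AFTER_LOGIN is meant to leave nothing of the login behind once authorization completes, expire the cookie as well before the `header('Location: ...')` line, e.g. `$p = session_get_cookie_params(); setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);`; how much this matters depends on `session.use_strict_mode` and on whether login regenerates the ID, neither of which is visible here. The check also reads `$GLOBALS['OAUTH2_FORGET_SESSION_AFTER_LOGIN']` directly and now runs ahead of `header()`, so an undefined key could emit a warning before the redirect header is sent; `($GLOBALS['OAUTH2_FORGET_SESSION_AFTER_LOGIN'] ?? false) === true` avoids that. The enclosing request-handling block starts outside the hunk, so the denied-authorization path could not be checked.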