diff --git a/apps/app/src/pages/login.vue b/apps/app/src/pages/login.vue
index 92a075f6..5cdce684 100644
--- a/apps/app/src/pages/login.vue
+++ b/apps/app/src/pages/login.vue
@@ -116,7 +116,10 @@ async function handleLogin() {
 }
 
 function onMfaVerified() {
-  authStore.initialize().then(() => {
+  // After MFA verify, the response sets the auth cookie. Use refreshUser()
+  // (not initialize() — that's guarded by isInitialized and returns immediately)
+  // to call GET /auth/me with the new cookie, populating the store.
+  authStore.refreshUser().then(() => {
     const rawTo = route.query.to ? String(route.query.to) : ''
     const redirectTo = rawTo.startsWith('/') ? rawTo : '/dashboard'