diff --git a/src/controllers/login_controller.rs b/src/controllers/login_controller.rs index 4c109f1..4948408 100644 --- a/src/controllers/login_controller.rs +++ b/src/controllers/login_controller.rs @@ -132,17 +132,16 @@ pub async fn login_route( match response { LoginResult::Success(user) => { - SessionIdentity(id.as_ref()).set_user(&http_req, &user); - - return if user.need_reset_password { - SessionIdentity(id.as_ref()).set_status(&http_req, SessionStatus::NeedNewPassword); - redirect_user(&format!("/reset_password?redirect={}", query.redirect.get_encoded())) + let status = if user.need_reset_password { + SessionStatus::NeedNewPassword } else if user.has_two_factor() { - SessionIdentity(id.as_ref()).set_status(&http_req, SessionStatus::Need2FA); - redirect_user(&format!("/2fa_auth?redirect={}", query.redirect.get_encoded())) + SessionStatus::Need2FA } else { - redirect_user(query.redirect.get()) + SessionStatus::SignedIn }; + + SessionIdentity(id.as_ref()).set_user(&http_req, &user, status); + redirect_user(query.redirect.get()); } LoginResult::AccountDisabled => { @@ -262,6 +261,7 @@ pub async fn choose_2fa_method(id: Option, query: web::Query SessionIdentity<'a> { log::debug!("Did set user session data."); } - pub fn set_user(&self, req: &HttpRequest, user: &User) { + pub fn set_user(&self, req: &HttpRequest, user: &User, status: SessionStatus) { self.set_session_data(req, &SessionIdentityData { id: Some(user.uid.clone()), is_admin: user.admin, auth_time: time(), - status: SessionStatus::SignedIn, + status, }); } diff --git a/src/middlewares/auth_middleware.rs b/src/middlewares/auth_middleware.rs index 0298dae..ea4e735 100644 --- a/src/middlewares/auth_middleware.rs +++ b/src/middlewares/auth_middleware.rs 
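Review bot: In the `LoginResult::Success` arm of `login_route` (src/controllers/login_controller.rs), the new last statement `redirect_user(query.redirect.get());` builds the redirect response and then drops it, because the old `return if … { … }` expression became a plain statement ending in `;`. Unless code after the `match` (outside this hunk) handles the success case, a successful login would write the session and then fall through with the other arms instead of redirecting; `return redirect_user(query.redirect.get());` restores the previous control flow. Separately, users in the `NeedNewPassword` or `Need2FA` state are now sent to the requested target rather than to `/reset_password` or `/2fa_auth`, while `set_user` already stores `id` and `is_admin` in the session. The password-reset and second-factor steps are therefore enforced only if every protected route rejects a session whose status is not `SignedIn`. The visible auth_middleware hunk shows only the unauthenticated branch, so that status check should be confirmed and pinned with a test that requests an authenticated route using a `Need2FA` session.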
@@ -137,6 +137,9 @@ impl Service for AuthInnerMiddleware && (req.path().starts_with(ADMIN_ROUTES) || req.path().starts_with(AUTHENTICATED_ROUTES) || req.path().eq(AUTHORIZE_URI)) { + log::debug!("Redirect unauthenticated user from {} to authorization route.", + req.path()); + let path = req.uri().to_string(); return Ok(req .into_response(redirect_user_for_login(path))