diff --git a/install/package.json b/install/package.json
index 55a85f2687..57fa18813d 100644
--- a/install/package.json
+++ b/install/package.json
@@ -92,7 +92,7 @@
         "mousetrap": "1.6.5",
         "multiparty": "4.2.3",
         "nconf": "0.12.0",
-        "nodebb-plugin-2factor": "7.2.1",
+        "nodebb-plugin-2factor": "7.2.2",
         "nodebb-plugin-composer-default": "10.2.22",
         "nodebb-plugin-dbsearch": "6.2.2",
         "nodebb-plugin-emoji": "5.1.5",
@@ -194,4 +194,4 @@
             "url": "https://github.com/barisusakli"
         }
     ]
-}
\ No newline at end of file
+}
diff --git a/src/controllers/authentication.js b/src/controllers/authentication.js
index 08515f1124..82eec9f566 100644
--- a/src/controllers/authentication.js
+++ b/src/controllers/authentication.js
@@ -379,15 +379,12 @@ authenticationController.onSuccessfulLogin = async function (req, uid) {
 			new Promise((resolve) => {
 				req.session.save(resolve);
 			}),
-			user.auth.addSession(uid, req.sessionID),
+			user.auth.addSession(uid, req.sessionID, uuid),
 			user.updateLastOnlineTime(uid),
 			user.onUserOnline(uid, Date.now()),
 			analytics.increment('logins'),
 			db.incrObjectFieldBy('global', 'loginCount', 1),
 		]);
-		if (uid > 0) {
-			await db.setObjectField(`uid:${uid}:sessionUUID:sessionId`, uuid, req.sessionID);
-		}
 
 		// Force session check for all connected socket.io clients with the same session id
 		sockets.in(`sess_${req.sessionID}`).emit('checkSession', uid);
diff --git a/src/user/auth.js b/src/user/auth.js
index d8113547e6..5330903a15 100644
--- a/src/user/auth.js
+++ b/src/user/auth.js
@@ -106,12 +106,15 @@ module.exports = function (User) {
 		await db.sortedSetRemove(`uid:${uid}:sessions`, expiredSids);
 	}
 
-	User.auth.addSession = async function (uid, sessionId) {
+	User.auth.addSession = async function (uid, sessionId, uuid) {
 		if (!(parseInt(uid, 10) > 0)) {
 			return;
 		}
 		await cleanExpiredSessions(uid);
-		await db.sortedSetAdd(`uid:${uid}:sessions`, Date.now(), sessionId);
+		await Promise.all([
+			db.sortedSetAdd(`uid:${uid}:sessions`, Date.now(), sessionId),
+			db.setObjectField(`uid:${uid}:sessionUUID:sessionId`, uuid, sessionId),
+		]);
 		await revokeSessionsAboveThreshold(uid, meta.config.maxUserSessions);
 	};
 
diff --git a/test/user/reset.js b/test/user/reset.js
index 36f80b2dda..a2c1d631cd 100644
--- a/test/user/reset.js
+++ b/test/user/reset.js
@@ -112,7 +112,7 @@ describe('Password reset (library methods)', () => {
 	});
 });
 
-describe.only('locks', () => {
+describe('locks', () => {
 	let uid;
 	let email;
 	beforeEach(async () => {