diff --git a/internal/middleware/csrf.go b/internal/middleware/csrf.go
index 185f891..cff464b 100644
--- a/internal/middleware/csrf.go
+++ b/internal/middleware/csrf.go
@@ -101,12 +101,6 @@ func CSRF(config CSRFConfig) gin.HandlerFunc {
 }
 c.Next()
-
- newToken, err := generateCSRFToken(config.Secret)
- if err == nil {
- session.Set(csrfTokenKey, newToken)
- session.Save()
- }
 }
 }
diff --git a/internal/router/router.go b/internal/router/router.go
index 3660564..7dac7c4 100644
--- a/internal/router/router.go
+++ b/internal/router/router.go
@@ -211,7 +211,7 @@ func Setup(cfg *config.Config) *gin.Engine {
 c.String(http.StatusOK, id)
 })
- r.GET("/login/2fa", authHandler.ShowLogin2FA)
+ r.GET("/login/2fa", csrfMiddleware, authHandler.ShowLogin2FA)
 r.POST("/login/2fa", csrfMiddleware, authHandler.Login2FA)
 guest := r.Group("/")
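Review bot: The new `r.GET("/login/2fa", csrfMiddleware, authHandler.ShowLogin2FA)` line in router.go has no comment saying why a GET route now runs the CSRF middleware, and the reason only becomes clear next to the csrf.go hunk of this commit: with the rotation after `c.Next()` removed, the token presumably has to be in the session when the form is rendered and stay unchanged until the POST. I would add `// GET also runs csrfMiddleware so the 2FA form carries the session token that the POST verifies.` above the line. Because the token is no longer replaced on every request, it is also worth confirming that a successful `Login2FA` (not visible here) issues a fresh token, since that is where the session gains privileges. Setup's body starts and ends outside this hunk.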