diff --git a/app/controllers/users/sessions_controller.rb b/app/controllers/users/sessions_controller.rb
index 34f3d261..053fff51 100644
--- a/app/controllers/users/sessions_controller.rb
+++ b/app/controllers/users/sessions_controller.rb
@@ -160,7 +160,7 @@ def finish_mfa_webauthn_validation
       sign_in(user)
 
       if session[:token]
-        session[:token] = nil
+        session.delete(:token)
         render json: {
                 authentication_status: "success",
                 redirect: remote_token_path # The token is rotated when the page is visited