diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 7e301698422..d51265bde4c 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -730,24 +730,30 @@ class ApplicationController < ActionController::Base
         # save original URL in a session so we can redirect after login
         session[:destination_url] = destination_url
         redirect_to path('/session/sso')
+        return
       elsif params[:authComplete].present?
         redirect_to path("/login?authComplete=true")
+        return
       else
         # save original URL in a cookie (javascript redirects after login in this case)
         cookies[:destination_url] = destination_url
         redirect_to path("/login")
+        return
       end
     end
 
-    if current_user &&
-      !current_user.totp_enabled? &&
+    check_totp = current_user &&
       !request.format.json? &&
       !is_api? &&
       ((SiteSetting.enforce_second_factor == 'staff' && current_user.staff?) ||
-        SiteSetting.enforce_second_factor == 'all')
+        SiteSetting.enforce_second_factor == 'all') &&
+      !current_user.totp_enabled?
+
+    if check_totp
       redirect_path = "#{GlobalSetting.relative_url_root}/u/#{current_user.username}/preferences/second-factor"
       if !request.fullpath.start_with?(redirect_path)
         redirect_to path(redirect_path)
+        return
       end
     end
   end
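Review bot: The new `check_totp` expression still evaluates to false whenever `request.format.json?` or `is_api?` is true, so with `enforce_second_factor` set to 'staff' or 'all' this filter only redirects HTML page loads. Whether JSON and API requests from a user without TOTP are gated somewhere else is not visible in this hunk and is worth confirming before relying on the setting as an enforcement control. The move of `!current_user.totp_enabled?` to the end of the chain is undocumented; I would add above the assignment `# totp_enabled? is checked last so it only runs when enforcement applies to this request; JSON/API requests are exempt from this redirect`. The exemption `request.fullpath.start_with?(redirect_path)` is a prefix match, so any path that merely begins with the second-factor preferences URL also skips the redirect; a comparison on the path boundary would be tighter. The method begins above the hunk, so the condition guarding the first three `return`s is not shown here.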