diff --git a/.rubocop.yml b/.rubocop.yml
index b80aa360456..4b01c32efb0 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -789,7 +789,7 @@ Performance/UriDefaultParser:
   Enabled: true
 
 Rails/ActionControllerFlashBeforeRender:
-  Enabled: false
+  Enabled: true
 
 Rails/ActionControllerTestCase:
   Enabled: true
diff --git a/app/controllers/account_reset/cancel_controller.rb b/app/controllers/account_reset/cancel_controller.rb
index 424972cafe8..749d8069011 100644
--- a/app/controllers/account_reset/cancel_controller.rb
+++ b/app/controllers/account_reset/cancel_controller.rb
@@ -19,9 +19,11 @@ def create
       analytics.account_reset_cancel(**result.to_h)
       irs_attempts_api_tracker.account_reset_cancel_request
 
-      handle_success if result.success?
-
-      redirect_to root_url
+      if result.success?
+        handle_success
+      else
+        redirect_to root_url
+      end
     end
 
     private
@@ -42,6 +44,7 @@ def handle_success
         'two_factor_authentication.account_reset.successful_cancel',
         app_name: APP_NAME,
       )
+      redirect_to root_url
     end
 
     def token
diff --git a/app/controllers/concerns/idv_session.rb b/app/controllers/concerns/idv_session.rb
index 5ec3b9b97a6..82e107452b0 100644
--- a/app/controllers/concerns/idv_session.rb
+++ b/app/controllers/concerns/idv_session.rb
@@ -19,7 +19,6 @@ def hybrid_session?
   end
 
   def confirm_phone_or_address_confirmed
-    return if flash[:allow_confirmations_continue]
     return if idv_session.address_confirmed? || idv_session.phone_confirmed?
 
     redirect_to idv_review_url
diff --git a/app/controllers/idv/personal_key_controller.rb b/app/controllers/idv/personal_key_controller.rb
index 8fd1cdfdc8a..e020fd4b4a6 100644
--- a/app/controllers/idv/personal_key_controller.rb
+++ b/app/controllers/idv/personal_key_controller.rb
@@ -63,8 +63,6 @@ def finish_idv_session
       idv_session.personal_key = nil
 
       irs_attempts_api_tracker.idv_personal_key_generated
-
-      flash[:allow_confirmations_continue] = true
     end
 
     def personal_key
diff --git a/app/controllers/users/totp_setup_controller.rb b/app/controllers/users/totp_setup_controller.rb
index a1bbbfd6bc8..e4c5a499a7c 100644
--- a/app/controllers/users/totp_setup_controller.rb
+++ b/app/controllers/users/totp_setup_controller.rb
@@ -40,8 +40,11 @@ def confirm
     end
 
     def disable
-      process_successful_disable if MfaPolicy.new(current_user).multiple_factors_enabled?
-      redirect_to account_two_factor_authentication_path
+      if MfaPolicy.new(current_user).multiple_factors_enabled?
+        process_successful_disable
+      else
+        redirect_to account_two_factor_authentication_path
+      end
     end
 
     private
@@ -103,6 +106,7 @@ def process_successful_disable
       revoke_remember_device(current_user)
       revoke_otp_secret_key
       flash[:success] = t('notices.totp_disabled')
+      redirect_to account_two_factor_authentication_path
     end
 
     def revoke_otp_secret_key
diff --git a/spec/controllers/idv/personal_key_controller_spec.rb b/spec/controllers/idv/personal_key_controller_spec.rb
index 27c6a8906d4..3cfe65019b9 100644
--- a/spec/controllers/idv/personal_key_controller_spec.rb
+++ b/spec/controllers/idv/personal_key_controller_spec.rb
@@ -149,12 +149,6 @@ def index
       )
     end
 
-    it 'sets flash[:allow_confirmations_continue] to true' do
-      get :show
-
-      expect(flash[:allow_confirmations_continue]).to eq true
-    end
-
     it 'logs when user generates personal key' do
       expect(@irs_attempts_api_tracker).to receive(:idv_personal_key_generated)
       get :show