diff --git a/app/controllers/openid_connect/authorization_controller.rb b/app/controllers/openid_connect/authorization_controller.rb
index e34174ef6ff..b0e4014c6d4 100644
--- a/app/controllers/openid_connect/authorization_controller.rb
+++ b/app/controllers/openid_connect/authorization_controller.rb
@@ -132,12 +132,13 @@ def sign_out_if_prompt_param_is_login_and_user_is_signed_in
 is_forced_reauthentication: false,
 )
 end
- return unless user_signed_in? && @authorize_form.prompt == 'login'
+ return unless @authorize_form.prompt == 'login'
 return if session[:oidc_state_for_login_prompt] == @authorize_form.state
+ session[:oidc_state_for_login_prompt] = @authorize_form.state
+ return unless user_signed_in?
 return if check_sp_handoff_bounced
 unless sp_session[:request_url] == request.original_url
 sign_out
- session[:oidc_state_for_login_prompt] = @authorize_form.state
 set_issuer_forced_reauthentication(
 issuer: @authorize_form.service_provider.issuer,
 is_forced_reauthentication: true,
diff --git a/spec/controllers/openid_connect/authorization_controller_spec.rb b/spec/controllers/openid_connect/authorization_controller_spec.rb
index e1149dec658..6fb44a0e6ac 100644
--- a/spec/controllers/openid_connect/authorization_controller_spec.rb
+++ b/spec/controllers/openid_connect/authorization_controller_spec.rb
@@ -11,12 +11,13 @@
 let(:client_id) { 'urn:gov:gsa:openidconnect:test' }
 let(:service_provider) { build(:service_provider, issuer: client_id) }
 
+ let(:prompt) { 'select_account' }
 let(:params) do
 {
 acr_values: Saml::Idp::Constants::IAL1_AUTHN_CONTEXT_CLASSREF,
 client_id: client_id,
 nonce: SecureRandom.hex,
- prompt: 'select_account',
+ prompt: prompt,
 redirect_uri: 'gov.gsa.openidconnect.test://result',
 response_type: 'code',
 scope: 'openid profile',
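Review bot: The `state` is now written to `session[:oidc_state_for_login_prompt]` before `sign_out` runs, whereas the removed line wrote it afterwards; if this application's `sign_out` resets or rebuilds the session (Devise/Warden's scope-less logout does so by default), the stored state is dropped on the forced-reauthentication path, and the return trip to this same authorize URL after re-login would depend solely on the `check_sp_handoff_bounced` and `sp_session[:request_url]` guards to avoid signing the user out a second time. If the session is not preserved across `sign_out`, the cheapest fix is to set the key again right after it: `sign_out` followed by `session[:oidc_state_for_login_prompt] = @authorize_form.state`. Separately, the early `return if session[:oidc_state_for_login_prompt] == @authorize_form.state` now runs for every prompt=login request, including unauthenticated ones; if `state` can be absent at this point (form validation appears to happen elsewhere), `nil == nil` makes the comparison true and the method returns without ever marking forced reauthentication, so guarding it as `return if @authorize_form.state.present? && session[:oidc_state_for_login_prompt] == @authorize_form.state` is cheap defence in depth. The body of `sign_out_if_prompt_param_is_login_and_user_is_signed_in` continues past the end of the hunk.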
@@ -27,6 +28,18 @@
 describe '#index' do
 subject(:action) { get :index, params: params }
 
+ context 'with prompt=login' do
+ let(:prompt) { 'login' }
+
+ it 'does not log user out when switching languages after authentication' do
+ user = create(:user, :with_phone)
+ action
+ sign_in_as_user(user)
+ get :index, params: params.merge(locale: 'es')
+ expect(controller.current_user).to eq(user)
+ end
+ end
+
 context 'user is signed in' do
 let(:user) { create(:user, :fully_registered) }
 before do
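Review bot: The new example pins only the unauthenticated-first path (state seeded before login, then the same `state` re-sent with `locale: 'es'`), but the controller change also moves the session write ahead of `sign_out` on the signed-in path, and nothing here checks that round trip: a signed-in user arriving with a fresh `state` should still be signed out, and the same `state` re-sent after re-authentication should not sign them out again. If the `'user is signed in'` context below does not already cover it, an example along the lines of `sign_in_as_user(user); action; expect(controller.current_user).to be_nil`, followed by signing back in and a second `get :index, params: params` asserting the user stays signed in, would guard the reordering. The enclosing `describe '#index'` block continues past the hunk.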