diff --git a/app/controllers/idv/personal_key_controller.rb b/app/controllers/idv/personal_key_controller.rb
index df3bd9ac97a..aaa84d812d6 100644
--- a/app/controllers/idv/personal_key_controller.rb
+++ b/app/controllers/idv/personal_key_controller.rb
@@ -30,6 +30,7 @@ def update
         fraud_review_pending: fraud_review_pending?,
         fraud_rejection: fraud_rejection?,
       )
+      idv_session.personal_key = nil
       redirect_to next_step
     end
 
@@ -63,8 +64,7 @@ def finish_idv_session
       @code = personal_key
       @personal_key_generated_at = current_user.personal_key_generated_at
 
-      user_session[:personal_key] = @code
-      idv_session.personal_key = nil
+      idv_session.personal_key = @code
 
       irs_attempts_api_tracker.idv_personal_key_generated
     end
diff --git a/spec/controllers/accounts_controller_spec.rb b/spec/controllers/accounts_controller_spec.rb
index 385d45e1824..237c0359e86 100644
--- a/spec/controllers/accounts_controller_spec.rb
+++ b/spec/controllers/accounts_controller_spec.rb
@@ -2,7 +2,7 @@
 
 RSpec.describe AccountsController do
   describe 'before_actions' do
-    it 'includes before_actions from AccountStateChecker' do
+    it 'includes before_actions' do
       expect(subject).to have_actions(
         :before,
         :confirm_two_factor_authenticated,
diff --git a/spec/controllers/idv/personal_key_controller_spec.rb b/spec/controllers/idv/personal_key_controller_spec.rb
index fef9bfa662f..c844f4cc1a6 100644
--- a/spec/controllers/idv/personal_key_controller_spec.rb
+++ b/spec/controllers/idv/personal_key_controller_spec.rb
@@ -43,7 +43,7 @@ def stub_idv_session
   end
 
   describe 'before_actions' do
-    it 'includes before_actions from AccountStateChecker' do
+    it 'includes before_actions' do
       expect(subject).to have_actions(
         :before,
         :confirm_two_factor_authenticated,
@@ -138,6 +138,16 @@ def index
       expect(assigns(:code)).to eq(code)
     end
 
+    it 'shows the same personal key when page is refreshed' do
+      subject.idv_session.create_profile_from_applicant_with_password(password)
+      code = subject.idv_session.personal_key
+
+      get :show
+      get :show
+
+      expect(assigns(:code)).to eq(code)
+    end
+
     it 'can decrypt the profile with the code' do
       get :show
 
diff --git a/spec/controllers/idv/review_controller_spec.rb b/spec/controllers/idv/review_controller_spec.rb
index cc8521fbaf4..b5052cfdcc4 100644
--- a/spec/controllers/idv/review_controller_spec.rb
+++ b/spec/controllers/idv/review_controller_spec.rb
@@ -36,7 +36,7 @@
   end
 
   describe 'before_actions' do
-    it 'includes before_actions from AccountStateChecker' do
+    it 'includes before_actions' do
       expect(subject).to have_actions(
         :before,
         :confirm_two_factor_authenticated,