diff --git a/lib/auth.js b/lib/auth.js
index fc34b93b..bd1b2c57 100644
--- a/lib/auth.js
+++ b/lib/auth.js
@@ -7,7 +7,7 @@ import { secret } from 'lib/crypto';
 const log = debug('umami:auth');
 export function generateAuthToken() {
- return getRandomChars(32);
+ return `auth:${getRandomChars(32)}`;
 }
 export function getAuthToken(req) {
diff --git a/lib/middleware.js b/lib/middleware.js
index 76c9630f..8c93369a 100644
--- a/lib/middleware.js
+++ b/lib/middleware.js
@@ -3,7 +3,6 @@ import debug from 'debug';
 import cors from 'cors';
 import { findSession } from 'lib/session';
 import { parseAuthToken, parseShareToken } from 'lib/auth';
-import redis from 'lib/redis';
 const log = debug('umami:middleware');
@@ -25,14 +24,11 @@ export const useAuth = createMiddleware(async (req, res, next) => {
 const token = await parseAuthToken(req);
 const shareToken = await parseShareToken(req);
- const key = `auth:${token?.authKey}`;
- const data = redis.enabled ? await redis.get(key) : token;
-
- if (!data && !shareToken) {
+ if (!token && !shareToken) {
 log('useAuth:user-not-authorized');
 return unauthorized(res);
 }
- req.auth = { ...data, shareToken };
+ req.auth = { ...token, shareToken };
 next();
 });
diff --git a/pages/api/auth/login.js b/pages/api/auth/login.js
index dfdd3ec3..bfdb0b03 100644
--- a/pages/api/auth/login.js
+++ b/pages/api/auth/login.js
@@ -14,14 +14,15 @@ export default async (req, res) => {
 const user = await getUser({ username });
 if (user && checkPassword(password, user.password)) {
- const { id: userId, username, isAdmin } = user;
-
 if (redis.enabled) {
- const token = `auth:${generateAuthToken()}`;
+ const token = generateAuthToken();
+
+ await redis.set(token, user);
 return ok(res, { token, user });
 }
+ const { id: userId, username, isAdmin } = user;
 const token = createSecureToken({ userId, username, isAdmin }, secret());
 return ok(res, { token, user });
diff --git a/pages/api/auth/verify.js b/pages/api/auth/verify.js
index 303a38ec..e7f7c0c6 100644
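Review bot: The value `generateAuthToken` now returns is used verbatim as the Redis key in login.js and looked up unchecked in verify.js, so its contract should be written down above the function, e.g. `/** Opaque session token; also used verbatim as the Redis session key, so it must be unguessable. */`. Whether `getRandomChars` draws from a cryptographically secure source is not visible in this hunk and is worth confirming, since this string is the only credential for a Redis-backed session. `getAuthToken(req)` is cut off at the end of the hunk.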
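Review bot: With the Redis lookup removed from `useAuth`, the middleware now accepts only what `parseAuthToken(req)` yields, while login.js in the same commit issues opaque `auth:` tokens whenever `redis.enabled`; unless `parseAuthToken` resolves those tokens elsewhere, every route guarded by `useAuth` except verify will reject Redis-issued sessions. If that split is intended, a comment at `const token = await parseAuthToken(req);` such as `// Redis-backed tokens are resolved only in pages/api/auth/verify.js` would stop the next reader from re-adding the lookup here; if it is not, the lookup with a non-null check belongs in this middleware rather than in a single endpoint. The enclosing `useAuth` callback begins on the hunk header line, outside the hunk body.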
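Review bot: `await redis.set(token, user)` persists the full record returned by `getUser`, including the `user.password` hash that `checkPassword` compares two lines earlier, and sets no expiry, so a Redis-backed session never ends and verify.js later hands that hash back to the client. Store only the claims the signed-token path uses and give the entry a lifetime: keep `const { id: userId, username, isAdmin } = user;` above the `if (redis.enabled)` block (where this commit removed it) and write `await redis.set(token, { userId, username, isAdmin });`. Whether the `lib/redis` wrapper takes an expiry argument is not visible here, so confirm how a TTL is set before merging.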
--- a/pages/api/auth/verify.js
+++ b/pages/api/auth/verify.js
@@ -1,11 +1,21 @@
 import { useAuth } from 'lib/middleware';
 import { ok, unauthorized } from 'next-basics';
+import redis from 'lib/redis';
+import { secret } from 'lib/crypto';
+import { getAuthToken } from 'lib/auth';
 export default async (req, res) => {
- await useAuth(req, res);
+ if (redis.enabled) {
+ const token = await getAuthToken(req, secret());
+ const user = await redis.get(token);
- if (req.auth) {
- return ok(res, req.auth);
+ return ok(res, user);
+ } else {
+ await useAuth(req, res);
+
+ if (req.auth) {
+ return ok(res, req.auth);
+ }
 }
 return unauthorized(res);
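Review bot: In the new `redis.enabled` branch `return ok(res, user)` runs unconditionally, so an unknown or expired token produces a 200 with a null body and the trailing `unauthorized(res)` is unreachable; add `if (!user) return unauthorized(res);` before it. The token is also handed to `redis.get` unmodified, so the lookup should first confirm it is a string carrying the `auth:` prefix that `generateAuthToken` adds, `if (typeof token !== 'string' || !token.startsWith('auth:')) return unauthorized(res);`, otherwise an arbitrary key name presented as a bearer token reads an unrelated Redis entry. `getAuthToken(req, secret())` passes a second argument, but the declaration visible in the lib/auth.js hunk is `getAuthToken(req)`, so `secret()` appears to be ignored unless that signature changed outside this diff. Share tokens, which `useAuth` still honours in the else branch, are no longer accepted on this endpoint when Redis is enabled; confirm that is intended.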