diff --git a/hiboo/account/login.py b/hiboo/account/login.py
index 779f776360d3b27020713c058f0cd3b9f494567d..516c5c131c366a92f52e459e4940b71c93fc7441 100644
--- a/hiboo/account/login.py
+++ b/hiboo/account/login.py
@@ -30,10 +30,8 @@ def signin():
 @blueprint.route("/totp/verify", methods=["GET", "POST"])
 def totp_verify():
     form = forms.TotpForm()
-    if "username" in session:
-        user = models.User.query.filter_by(username=session["username"]).first() or flask.abort(403)
-    else:
-        return flask.redirect(flask.url_for(".signin"))
+    username = session.get("username") or flask.abort(403)
+    user = models.User.query.filter_by(username=username).first() or flask.abort(403)
     if form.validate_on_submit():
         if user.auths[models.Auth.TOTP].check_totp(form.totp.data):
             flask_login.login_user(user)