diff --git a/web/core/views.py b/web/core/views.py
index 8182ae0..9654df2 100644
--- a/web/core/views.py
+++ b/web/core/views.py
@@ -54,16 +54,19 @@ EXPECTED_HEADERS = [
 ]

 def login_view(request):
- # If Django session already exists, go straight in
+ # If Django session already exists, go to app
 if request.user.is_authenticated:
 return redirect("search")

- # Auto-start OIDC ONLY on a clean GET to /login/
- # If ?next= is present, Django is already in a redirect flow — don't loop
- if request.method == "GET" and "next" not in request.GET:
+ # Only auto-start OIDC if this is a fresh browser visit
+ # and NOT a redirect coming from Django itself
+ if (
+ request.method == "GET"
+ and "next" not in request.GET
+ ):
 return redirect("oidc_authentication_init")

- # Fallback (rare): render the page so the user can click manually
+ # Fallback: show login page (rare, but prevents loops)
 ctx = {}

 if request.method == "POST":
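Review bot: The reworded comment above the new `if (` block describes "a fresh browser visit and NOT a redirect coming from Django itself", but the condition only tests the request method and whether a `next` key is present in the query string, which any client can set. The removed comment named that signal explicitly, so I would keep it, e.g. `# Auto-start OIDC on GET without ?next= (present when Django redirected here; skipping avoids a loop)`, and add that `next` is client-controlled, making this a loop guard rather than a trust signal. login_view continues past the end of the hunk. If the POST path later redirects to `next` (not visible here), that value should be checked with `url_has_allowed_host_and_scheme` before use.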