diff --git a/auth_admin/__manifest__.py b/auth_admin/__manifest__.py
index 1b628cf3..ab95847e 100755
--- a/auth_admin/__manifest__.py
+++ b/auth_admin/__manifest__.py
@@ -2,7 +2,7 @@
     'name': 'Auth Admin',
     'author': 'Hibou Corp. <hello@hibou.io>',
     'category': 'Hidden',
-    'version': '15.0.1.0.0',
+    'version': '16.0.1.0.0',
     'description':
         """
 Login as other user
diff --git a/auth_admin/controllers/main.py b/auth_admin/controllers/main.py
index 5c7b83a9..034e16b2 100755
--- a/auth_admin/controllers/main.py
+++ b/auth_admin/controllers/main.py
@@ -24,16 +24,34 @@ class AuthAdmin(http.Controller):
 
         try:
             user = check_admin_auth_login(http.request.env, u, e, o, h)
-
+            
             http.request.session.uid = user.id
-            http.request.session.login = user.login
-            http.request.session.password = ''
-            http.request.session.auth_admin = int(o)
-            http.request.uid = user.id
-            uid = http.request.session.authenticate(http.request.session.db, user.login, 'x')
-            if uid is not False:
-                http.request.params['login_success'] = True
-                return http.request.redirect('/my/home')
+            http.request.session.pre_login = user.login
+            # http.request.session.pre_uid = pre_uid
+
+            with registry.cursor() as cr:
+                env = odoo.api.Environment(cr, user.id, {})
+
+                # if 2FA is disabled we finalize immediately
+                user = env['res.users'].browse(user.id)
+                # TODO RFC do we want to allow this mechanism with mfa?
+                if not user._mfa_url():
+                    http.request.session.finalize(env)
+
+            if request and request.db == dbname:
+                # Like update_env(user=request.session.uid) but works when uid is None
+                request.env = odoo.api.Environment(request.env.cr, http.request.session.uid, http.request.session.context)
+                request.update_context(**http.request.session.context)
+
+            # http.request.session.uid = user.id
+            # http.request.session.login = user.login
+            # http.request.session.password = ''
+            # http.request.session.auth_admin = int(o)
+            # http.request.uid = user.id
+            # uid = http.request.session.authenticate(http.request.session.db, user.login, 'x')
+            # if uid is not False:
+            #     http.request.params['login_success'] = True
+            #     return http.request.redirect('/my/home')
             return http.request.redirect('/my/home')
         except (exceptions.Warning, ) as e:
             return http.Response(e.message, status=400)