diff --git a/includes/Api/AuthController.php b/includes/Api/AuthController.php
index 6f70b3e..f7918e9 100644
--- a/includes/Api/AuthController.php
+++ b/includes/Api/AuthController.php
@@ -49,10 +49,14 @@ class AuthController {
 			], 403 );
 		}
 		
-		// CRITICAL: Set auth cookie AND current user (as per WordPress best practices)
-		// This ensures session is properly established for both standalone and wp-admin
-		wp_set_auth_cookie( $user->ID, true, is_ssl() );
+		// CRITICAL: Clear old cookies first, then set new ones
+		// This ensures no stale session data interferes with the new login
+		wp_clear_auth_cookie();
 		wp_set_current_user( $user->ID );
+		wp_set_auth_cookie( $user->ID, true );
+		
+		// Trigger login action (same as wp-login.php)
+		do_action( 'wp_login', $user->user_login, $user );
 		
 		// Debug logging
 		if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) {