diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5148c1c..3e5cdd3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,7 +14,10 @@
 - **Enhanced** “remember-me” re-login path at top of `checkAuth()`
 - Calls `AuthModel::validateRememberToken()` when session is missing but `remember_me_token` cookie present
 - Repopulates `$_SESSION['authenticated']`, `username`, `isAdmin`, `folderOnly`, `readOnly`, `disableUpload` from payload
- - Regenerates session ID and CSRF token, then immediately returns JSON and exits
+ - Regenerates session ID and CSRF token, then immediately returns JSON and exits
+
+ - **Updated** `userController.php`
+ - Fixed totp isAdmin when session is missing but `remember_me_token` cookie present
 ## Changes 4/22/2025 v1.2.3
diff --git a/src/controllers/userController.php b/src/controllers/userController.php
index 4ec1afb..fb7b1bc 100644
--- a/src/controllers/userController.php
+++ b/src/controllers/userController.php
@@ -917,10 +917,11 @@ class UserController
 $dec = decryptData(file_get_contents($tokFile), $GLOBALS['encryptionKey']);
 $all = json_decode($dec, true) ?: [];
 }
+ $isAdmin = ((int)userModel::getUserRole($username) === 1);
 $all[$token] = [
 'username' => $username,
 'expiry' => $expiry,
- 'isAdmin' => $_SESSION['isAdmin']
+ 'isAdmin' => $isAdmin
 ];
 file_put_contents(
 $tokFile,
@@ -949,7 +950,7 @@ class UserController
 session_regenerate_id(true);
 $_SESSION['authenticated'] = true;
 $_SESSION['username'] = $username;
- $_SESSION['isAdmin'] = (userModel::getUserRole($username) === "1");
+ $_SESSION['isAdmin'] = $isAdmin;
 $_SESSION['folderOnly'] = loadUserPermissions($username);
 // Clean up
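Review bot: The `'isAdmin' => $isAdmin` entry still bakes the user's role into the persistent token at login time, and the changelog in this same commit says the re-login path repopulates `$_SESSION['isAdmin']` from that payload. If `validateRememberToken()` is consumed that way (it is not visible here), a user demoted after login keeps admin rights until the token's `expiry` passes. Consider dropping the field and re-deriving the role with `userModel::getUserRole()` when the token is redeemed, or at minimum documenting it with `// role snapshot taken at login; re-check getUserRole() before trusting it`. The enclosing method starts and ends outside the hunk.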
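Review bot: `$_SESSION['isAdmin'] = $isAdmin;` now relies on a variable that is assigned only in the token-writing block of the previous hunk, roughly thirty lines earlier. The enclosing structure is not visible; if that block runs only when remember-me was requested, `$isAdmin` is undefined on the other path and a real admin's session gets `null`, which fails closed but is a functional regression from the removed line. Computing the role once before the token block, or keeping this line self-contained as `$_SESSION['isAdmin'] = ((int)userModel::getUserRole($username) === 1);`, removes the dependency. The method body extends beyond the hunk on both sides.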