diff --git a/web/app/(shareLayout)/components/splash.tsx b/web/app/(shareLayout)/components/splash.tsx
index c26ea7e045..16d291d4b4 100644
--- a/web/app/(shareLayout)/components/splash.tsx
+++ b/web/app/(shareLayout)/components/splash.tsx
@@ -6,7 +6,6 @@ import { useWebAppStore } from '@/context/web-app-context'
 import { useRouter, useSearchParams } from 'next/navigation'
 import AppUnavailable from '@/app/components/base/app-unavailable'
 import { useTranslation } from 'react-i18next'
-import { AccessMode } from '@/models/access-control'
 import { webAppLoginStatus, webAppLogout } from '@/service/webapp-auth'
 import { fetchAccessToken } from '@/service/share'
 import Loading from '@/app/components/base/loading'
@@ -35,7 +34,6 @@ const Splash: FC<PropsWithChildren> = ({ children }) => {
     router.replace(url)
   }, [getSigninUrl, router, webAppLogout, shareCode])
 
-  const needCheckIsLogin = webAppAccessMode !== AccessMode.PUBLIC
   const [isLoading, setIsLoading] = useState(true)
   useEffect(() => {
     if (message) {
@@ -58,8 +56,8 @@ const Splash: FC<PropsWithChildren> = ({ children }) => {
     }
 
     (async () => {
-      const { userLoggedIn, appLoggedIn } = await webAppLoginStatus(needCheckIsLogin, shareCode!)
-
+      // if access mode is public, user login is always true, but the app login(passport) may be expired
+      const { userLoggedIn, appLoggedIn } = await webAppLoginStatus(shareCode!)
       if (userLoggedIn && appLoggedIn) {
         redirectOrFinish()
       }
@@ -87,7 +85,6 @@ const Splash: FC<PropsWithChildren> = ({ children }) => {
     router,
     message,
     webAppAccessMode,
-    needCheckIsLogin,
     tokenFromUrl])
 
   if (message) {
diff --git a/web/context/web-app-context.tsx b/web/context/web-app-context.tsx
index 48de01f2df..bcbd39b5fc 100644
--- a/web/context/web-app-context.tsx
+++ b/web/context/web-app-context.tsx
@@ -68,14 +68,14 @@ const WebAppStoreProvider: FC<PropsWithChildren> = ({ children }) => {
     updateShareCode(shareCode)
   }, [shareCode, updateShareCode])
 
-  const { isFetching, data: accessModeResult } = useGetWebAppAccessModeByCode(shareCode)
+  const { isLoading, data: accessModeResult } = useGetWebAppAccessModeByCode(shareCode)
 
   useEffect(() => {
     if (accessModeResult?.accessMode)
       updateWebAppAccessMode(accessModeResult.accessMode)
   }, [accessModeResult, updateWebAppAccessMode, shareCode])
 
-  if (isGlobalPending || isFetching) {
+  if (isGlobalPending || isLoading) {
     return <div className='flex h-full w-full items-center justify-center'>
       <Loading />
     </div>
diff --git a/web/service/webapp-auth.ts b/web/service/webapp-auth.ts
index a7ce7153bf..e7e3f86406 100644
--- a/web/service/webapp-auth.ts
+++ b/web/service/webapp-auth.ts
@@ -30,14 +30,8 @@ type isWebAppLogin = {
   app_logged_in: boolean
 }
 
-export async function webAppLoginStatus(enabled: boolean, shareCode: string) {
-  if (!enabled) {
-    return {
-      userLoggedIn: true,
-      appLoggedIn: true,
-    }
-  }
-
+export async function webAppLoginStatus(shareCode: string) {
+  // always need to check login to prevent passport from being outdated
   // check remotely, the access token could be in cookie (enterprise SSO redirected with https)
   const { logged_in, app_logged_in } = await getPublic<isWebAppLogin>(`/login/status?app_code=${shareCode}`)
   return {