Login fails after 2FA: “Session invalidated” shown and user remains logged out (303 redirect from /account/two-factor) #19222

@chigwell

Describe the bug
When logging in on PyPI via https://pypi.org/account/login/, the login flow appears to succeed through username/password and the second factor code entry, but the session is immediately invalidated. After submitting the 2FA code, I am redirected to a page that still shows “Log in” and “Register” (no account/menu visible), with a banner message at the top: “Session invalidated”. In the browser network tab, the request to https://pypi.org/account/two-factor returns HTTP 303.

Expected behavior
After successfully entering username/password and a valid 2FA code, I should be logged in and see my account/session (e.g., account menu / profile link), without any “Session invalidated” message.

To Reproduce

  1. Go to https://pypi.org/account/login/
  2. Enter PyPI username (nickname) and password, submit
  3. Enter the 2FA authentication code, submit
  4. Observe that the page still shows “Log in” / “Register” and a banner “Session invalidated”
  5. Open DevTools → Network: request to https://pypi.org/account/two-factor shows 303 status

My Platform

  • Browser: Google Chrome Version 143.0.7499.170 (Official Build) (arm64)

Additional context

  • The visible UI after completing 2FA looks like an unauthenticated state (no account information shown).
  • Network: https://pypi.org/account/two-factor returns 303 during the 2FA step.
  • Nickname: eugene.evstafev

Labels: bug 🐛, requires triaging (maintainers need to do initial inspection of issue)
