diff --git a/lib/auth.js b/lib/auth.js
index 44673c20..fa4d97f4 100644
--- a/lib/auth.js
+++ b/lib/auth.js
@@ -149,7 +149,7 @@ async function refreshMultiAuthCookies (req, res) {
     // only refresh session cookie manually if we switched to anon since else it's already handled by next-auth
     if (key === SESSION_COOKIE && !isAnon) continue
 
-    if (!key.startsWith(MULTI_AUTH_LIST) && key !== SESSION_COOKIE) continue
+    if (!MULTI_AUTH_REGEXP.test(key) && key !== SESSION_COOKIE) continue
 
     if (MULTI_AUTH_JWT_REGEXP.test(key) || key === SESSION_COOKIE) {
       const oldToken = value