diff --git a/apps/browser-extension/src/entrypoints/popup/context/NavigationContext.tsx b/apps/browser-extension/src/entrypoints/popup/context/NavigationContext.tsx
index bee764717..d5af47ce4 100644
--- a/apps/browser-extension/src/entrypoints/popup/context/NavigationContext.tsx
+++ b/apps/browser-extension/src/entrypoints/popup/context/NavigationContext.tsx
@@ -48,7 +48,6 @@ export const NavigationProvider: React.FC<{ children: React.ReactNode }> = ({ ch
       '/',
       '/reinitialize',
       '/login',
-      '/mobile-login',
       '/unlock',
       '/unlock-success',
       '/auth-settings',
diff --git a/apps/mobile-app/app/(tabs)/settings/mobile-unlock/[id].tsx b/apps/mobile-app/app/(tabs)/settings/mobile-unlock/[id].tsx
index f444b523e..21900299c 100644
--- a/apps/mobile-app/app/(tabs)/settings/mobile-unlock/[id].tsx
+++ b/apps/mobile-app/app/(tabs)/settings/mobile-unlock/[id].tsx
@@ -33,7 +33,6 @@ export default function MobileUnlockConfirmScreen() : React.ReactNode {
   const handleMobileLogin = async (id: string) : Promise<void> => {
     try {
       // Fetch the public key from server
-      console.log('makig request to /auth/mobile-login/request', id);
       const response = await webApi.authFetch<{ clientPublicKey: string }>(
         `auth/mobile-login/request/${id}`,
         { method: 'GET' }
@@ -210,8 +209,6 @@ export default function MobileUnlockConfirmScreen() : React.ReactNode {
     },
   });
 
-  console.log('[_qrconfirm] rendered with id:', id);
-
   // Show loading during processing
   if (isProcessing) {
     return (
diff --git a/apps/mobile-app/app/(tabs)/settings/qr-scanner.tsx b/apps/mobile-app/app/(tabs)/settings/qr-scanner.tsx
index e655e34e2..fc244d36f 100644
--- a/apps/mobile-app/app/(tabs)/settings/qr-scanner.tsx
+++ b/apps/mobile-app/app/(tabs)/settings/qr-scanner.tsx
@@ -112,7 +112,6 @@ export default function QRScannerScreen() : React.ReactNode {
          */
         setIsLoadingAfterScan(false);
 
-        console.log('[_qrscanner] navigate to mobile-unlock with replace:', parsedData.payload);
         router.replace(`/(tabs)/settings/mobile-unlock/${parsedData.payload}` as Href);
       }
     } catch (error) {
diff --git a/apps/mobile-app/app/open/[...path].tsx b/apps/mobile-app/app/open/[...path].tsx
index 9efa503fe..a9818ab46 100644
--- a/apps/mobile-app/app/open/[...path].tsx
+++ b/apps/mobile-app/app/open/[...path].tsx
@@ -50,7 +50,6 @@ export default function ActionHandler() : null {
         }
 
         // First navigate to settings tab to establish correct navigation stack
-        console.log('[_actionhandler] navigate to qr-confirm');
         router.replace(`/(tabs)/settings/mobile-unlock/${requestId}` as Href);
         setHasNavigated(true);
         break;
diff --git a/apps/mobile-app/components/credentials/CredentialCard.tsx b/apps/mobile-app/components/credentials/CredentialCard.tsx
index 5b8a61453..d28878280 100644
--- a/apps/mobile-app/components/credentials/CredentialCard.tsx
+++ b/apps/mobile-app/components/credentials/CredentialCard.tsx
@@ -83,8 +83,6 @@ export function CredentialCard({ credential, onCredentialDelete }: CredentialCar
   const handleContextMenuAction = async (event: OnPressMenuItemEvent): Promise<void> => {
     const { name } = event.nativeEvent;
 
-    console.log('handleContextMenuAction', name);
-
     switch (name) {
       case t('credentials.contextMenu.edit'):
         Keyboard.dismiss();
diff --git a/apps/mobile-app/context/AuthContext.tsx b/apps/mobile-app/context/AuthContext.tsx
index c58f9dbe9..4260806d7 100644
--- a/apps/mobile-app/context/AuthContext.tsx
+++ b/apps/mobile-app/context/AuthContext.tsx
@@ -195,7 +195,6 @@ export const AuthProvider: React.FC<{ children: React.ReactNode }> = ({ children
    * This is called by AppContext after revoking tokens on the server.
    */
   const clearAuth = useCallback(async (errorMessage?: string): Promise<void> => {
-    console.log('Clearing auth --- attempt');
     // Clear credential identity store (password and passkey autofill metadata)
     try {
       await NativeVaultManager.removeCredentialIdentities();
@@ -439,7 +438,6 @@ export const AuthProvider: React.FC<{ children: React.ReactNode }> = ({ children
             // Check if vault is unlocked.
             const isUnlocked = await isVaultUnlocked();
             if (!isUnlocked) {
-              console.log('-------- vault NOT unlocked trigger detection here ---------------------')
               // Get current full URL including query params
               const currentRoute = lastRouteRef.current;
               if (currentRoute?.path) {
diff --git a/apps/mobile-app/utils/PostUnlockNavigation.ts b/apps/mobile-app/utils/PostUnlockNavigation.ts
index 500b13941..0ed0cf488 100644
--- a/apps/mobile-app/utils/PostUnlockNavigation.ts
+++ b/apps/mobile-app/utils/PostUnlockNavigation.ts
@@ -99,14 +99,12 @@ export class PostUnlockNavigation {
 
     // Priority 1: Handle pending deep link (e.g. from QR code scan or native autofill interface)
     if (pendingDeepLink) {
-      console.log('[_postunlocknavigation] navigate with pendingDeepLink:', pendingDeepLink);
       this.handlePendingDeepLink(pendingDeepLink, router);
       return;
     }
 
     // Priority 2: Handle return URL (from reinitialize flow)
     if (returnUrl?.path) {
-      console.log('[_postunlocknavigation] navigate with returnUrl:', returnUrl);
       this.handleReturnUrl(returnUrl, router);
       if (clearReturnUrl) {
         clearReturnUrl();
diff --git a/apps/server/AliasVault.Api/Controllers/AuthController.cs b/apps/server/AliasVault.Api/Controllers/AuthController.cs
index 72b283640..ab82a5a88 100644
--- a/apps/server/AliasVault.Api/Controllers/AuthController.cs
+++ b/apps/server/AliasVault.Api/Controllers/AuthController.cs
@@ -597,7 +597,7 @@ public class AuthController(IAliasServerDbContextFactory dbContextFactory, UserM
         var loginRequest = await context.MobileLoginRequests.FirstOrDefaultAsync(r => r.Id == requestId);
 
         // Check if request exists and hasn't expired
-        if (loginRequest == null || loginRequest.CreatedAt.AddMinutes(MobileLoginTimeoutMinutes) < timeProvider.UtcNow)
+        if (loginRequest == null || loginRequest.CreatedAt.AddSeconds(MobileLoginTimeoutMinutes) < timeProvider.UtcNow)
         {
             return NotFound(ApiErrorCodeHelper.CreateErrorResponse(ApiErrorCode.MOBILE_LOGIN_REQUEST_NOT_FOUND, 404));
         }
@@ -697,7 +697,7 @@ public class AuthController(IAliasServerDbContextFactory dbContextFactory, UserM
         var loginRequest = await context.MobileLoginRequests.FirstOrDefaultAsync(r => r.Id == requestId);
 
         // Check if request exists and hasn't expired
-        if (loginRequest == null || loginRequest.CreatedAt.AddMinutes(MobileLoginTimeoutMinutes) < timeProvider.UtcNow)
+        if (loginRequest == null || loginRequest.CreatedAt.AddSeconds(MobileLoginTimeoutMinutes) < timeProvider.UtcNow)
         {
             return NotFound(ApiErrorCodeHelper.CreateErrorResponse(ApiErrorCode.MOBILE_LOGIN_REQUEST_NOT_FOUND, 404));
         }
@@ -727,7 +727,7 @@ public class AuthController(IAliasServerDbContextFactory dbContextFactory, UserM
         var loginRequest = await context.MobileLoginRequests.FirstOrDefaultAsync(r => r.Id == model.RequestId);
 
         // Check if request exists and hasn't expired
-        if (loginRequest == null || loginRequest.CreatedAt.AddMinutes(MobileLoginTimeoutMinutes) < timeProvider.UtcNow)
+        if (loginRequest == null || loginRequest.CreatedAt.AddSeconds(MobileLoginTimeoutMinutes) < timeProvider.UtcNow)
         {
             return NotFound(ApiErrorCodeHelper.CreateErrorResponse(ApiErrorCode.MOBILE_LOGIN_REQUEST_NOT_FOUND, 404));
         }