diff --git a/management/server/sqlite_store.go b/management/server/sqlite_store.go
index 97c759d8a..c5356581a 100644
--- a/management/server/sqlite_store.go
+++ b/management/server/sqlite_store.go
@@ -434,16 +434,16 @@ func (s *SqliteStore) GetAccountByPeerPubKey(peerKey string) (*Account, error) {
 
 // SaveUserLastLogin stores the last login time for a user in DB.
 func (s *SqliteStore) SaveUserLastLogin(accountID, userID string, lastLogin time.Time) error {
-	var peer Peer
+	var user User
 
-	result := s.db.First(&peer, "account_id = ? and user_id = ?", accountID, userID)
+	result := s.db.First(&user, "account_id = ? and id = ?", accountID, userID)
 	if result.Error != nil {
 		return status.Errorf(status.NotFound, "user %s not found", userID)
 	}
 
-	peer.LastLogin = lastLogin
+	user.LastLogin = lastLogin
 
-	return s.db.Save(peer).Error
+	return s.db.Save(user).Error
 }
 
 // Close is noop in Sqlite
diff --git a/management/server/user.go b/management/server/user.go
index edb649340..6093d93a2 100644
--- a/management/server/user.go
+++ b/management/server/user.go
@@ -299,6 +299,14 @@ func (am *DefaultAccountManager) GetUser(claims jwtclaims.AuthorizationClaims) (
 		return nil, fmt.Errorf("failed to get account with token claims %v", err)
 	}
 
+	unlock := am.Store.AcquireAccountLock(account.Id)
+	defer unlock()
+
+	account, err = am.Store.GetAccount(account.Id)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get an account from store %v", err)
+	}
+
 	user, ok := account.Users[claims.UserId]
 	if !ok {
 		return nil, status.Errorf(status.NotFound, "user not found")
@@ -306,16 +314,16 @@ func (am *DefaultAccountManager) GetUser(claims jwtclaims.AuthorizationClaims) (
 
 	// this code should be outside of the am.GetAccountFromToken(claims) because this method is called also by the gRPC
 	// server when user authenticates a device. And we need to separate the Dashboard login event from the Device login event.
-	unlock := am.Store.AcquireAccountLock(account.Id)
 	newLogin := user.LastDashboardLoginChanged(claims.LastLogin)
+
 	err = am.Store.SaveUserLastLogin(account.Id, claims.UserId, claims.LastLogin)
-	unlock()
+	if err != nil {
+		log.Errorf("failed saving user last login: %v", err)
+	}
+
 	if newLogin {
 		meta := map[string]any{"timestamp": claims.LastLogin}
 		am.storeEvent(claims.UserId, claims.UserId, account.Id, activity.DashboardLogin, meta)
-		if err != nil {
-			log.Errorf("failed saving user last login: %v", err)
-		}
 	}
 
 	return user, nil