diff --git a/src/djangooidc/backends.py b/src/djangooidc/backends.py
index 3f5c1022e..96b7a902a 100644
--- a/src/djangooidc/backends.py
+++ b/src/djangooidc/backends.py
@@ -23,7 +23,7 @@ class OpenIdConnectBackend(ModelBackend):
     def authenticate(self, request, **kwargs):
         logger.debug("kwargs %s" % kwargs)
         user = None
-        request.session["is_new_user"] = True
+
         if not kwargs or "sub" not in kwargs.keys():
             return user
@@ -49,7 +49,9 @@ class OpenIdConnectBackend(ModelBackend):
             }
             user, created = UserModel.objects.get_or_create(**args)
-            request.session["is_new_user"] = created
+
+            if created:
+                request.session["is_new_user"] = True
             if not created:
                 # If user exists, update existing user
@@ -60,8 +62,8 @@ class OpenIdConnectBackend(ModelBackend):
         else:
             try:
                 user = UserModel.objects.get_by_natural_key(username)
-                request.session["is_new_user"] = False
             except UserModel.DoesNotExist:
+                request.session["is_new_user"] = True
                 return None
         # run this callback for a each login
         user.on_each_login()
diff --git a/src/djangooidc/views.py b/src/djangooidc/views.py
index 3716ebf19..7b5c58527 100644
--- a/src/djangooidc/views.py
+++ b/src/djangooidc/views.py
@@ -99,7 +99,7 @@ def login_callback(request):
             request.session["acr_value"] = CLIENT.get_step_up_acr_value()
             return CLIENT.create_authn_request(request.session)
         user = authenticate(request=request, **userinfo)
-        is_new_user = request.session["is_new_user"]
+        is_new_user = request.session.get("is_new_user", False)
         if user:
             should_update_user = False
             # Fixture users kind of exist in a superposition of verification types,
@@ -114,9 +114,7 @@ def login_callback(request):
                 user.set_user_verification_type()
                 should_update_user = True
-            # If we're dealing with a new user and if this field isn't set already,
-            # Then set this to False. Otherwise, if we set the field manually it'll revert.
-            if is_new_user and not user.finished_setup:
+            if is_new_user:
                 user.finished_setup = False
                 should_update_user = True
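Review bot: With the unconditional reset of `request.session["is_new_user"]` removed at the top of `authenticate`, the flag is now only ever written as `True` (in the `created` branch of the second hunk and, in the third hunk, in the `DoesNotExist` branch that then returns `None`) and is never cleared, so a `True` left behind by a failed attempt would persist in the session and be picked up by `request.session.get("is_new_user", False)` in `login_callback` on a later successful login. Because the last views.py hunk also drops the `and not user.finished_setup` guard, that stale flag would write `finished_setup = False` onto an existing, fully set-up account. Keeping an explicit per-attempt reset at the start of the method, `request.session["is_new_user"] = False` (or `request.session.pop("is_new_user", None)`), restores a clean state; marking the session as a new user in the branch that fails authentication also looks unintended and is worth a second look. The remainder of `authenticate` lies outside these hunks.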
diff --git a/src/registrar/registrar_middleware.py b/src/registrar/registrar_middleware.py
index 0054f9158..064757d80 100644
--- a/src/registrar/registrar_middleware.py
+++ b/src/registrar/registrar_middleware.py
@@ -20,10 +20,20 @@ class CheckUserProfileMiddleware:
         return response
     def process_view(self, request, view_func, view_args, view_kwargs):
-        # Check if the user is authenticated and if the setup is not finished
-        if request.user.is_authenticated and not request.user.finished_setup:
-            # Redirect to the setup page
-            return HttpResponseRedirect(reverse('finish-contact-profile-setup'))
+        # Check if setup is not finished
+        finished_setup = hasattr(request.user, "finished_setup") and request.user.finished_setup
+        if request.user.is_authenticated and not finished_setup:
+            setup_page = reverse("finish-contact-profile-setup", kwargs={'pk': request.user.pk})
+            logout_page = reverse("logout")
+            excluded_pages = [
+                setup_page,
+                logout_page,
+            ]
+
+            # Don't redirect on excluded pages (such as the setup page itself)
+            if not any(request.path.startswith(page) for page in excluded_pages):
+                # Redirect to the setup page
+                return HttpResponseRedirect(setup_page)
         # Continue processing the view
         return None
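Review bot: `request.path.startswith(page)` in the `if not any(...)` line is a prefix match, so any path that merely begins with the logout URL or with this user's setup URL (a pk of `7` also matches `70`, `71`, …) skips the redirect, which is looser than the exclusion needs to be. Since `process_view` runs after URL resolution, matching on the resolved route name avoids both the prefix problem and building a URL only to compare it: `if request.resolver_match.url_name not in ("finish-contact-profile-setup", "logout"):`. The setup URL embeds `request.user.pk`, so the target view is the place that must check the requested `pk` belongs to the logged-in user; that view is outside this diff. Minor style: `kwargs={'pk': ...}` mixes single quotes into a hunk that otherwise uses double quotes.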