diff --git a/src/behaviors/ValidateMfaBehavior.php b/src/behaviors/ValidateMfaBehavior.php
index 2e7f815..603131e 100644
--- a/src/behaviors/ValidateMfaBehavior.php
+++ b/src/behaviors/ValidateMfaBehavior.php
@@ -13,8 +13,8 @@
 use hiqdev\yii2\mfa\exceptions\AuthenticationException;
 use hiqdev\yii2\mfa\Module;
 use Yii;
-use yii\base\Event;
 use yii\web\User;
+use yii\web\UserEvent;
 
 class ValidateMfaBehavior extends \yii\base\Behavior
 {
@@ -25,7 +25,10 @@ public function events()
         ];
     }
 
-    public function beforeLogin(Event $event)
+    /**
+     * @param UserEvent $event
+     */
+    public function beforeLogin(UserEvent $event)
     {
         /** @var Module $module */
         $module = Yii::$app->getModule('mfa');
@@ -36,7 +39,11 @@ public function beforeLogin(Event $event)
             $module->validateIps($identity);
             $module->validateTotp($identity);
         } catch (AuthenticationException $e) {
-            $e->redirect();
+            if ($event->cookieBased) {
+                $event->isValid = false;
+            } else {
+                $e->redirect();
+            }
         }
     }
 }