diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py
index d6d9eeea7a20..a5ae93d0d005 100644
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@@ -347,6 +347,10 @@ def check_auth(
                 creds,
                 list(clientdict),
             )
+
+            # Blow away the session so it can not be re-used.
+            self._invalidate_session(session["id"])
+
             return creds, clientdict, session["id"]
 
         ret = self._auth_dict_for_flows(flows, session)
@@ -517,6 +521,17 @@ def _get_session_info(self, session_id: Optional[str]) -> dict:
 
         return self.sessions[session_id]
 
+    def _invalidate_session(self, session_id) -> None:
+        """Invalidate session information for session ID"""
+        session = self.sessions.get(session_id, None)
+        if session and "ui_auth" in session:
+            # Set the items in the ui_auth session to sentinel values that can
+            # never be equaled.
+            session["ui_auth"] = {
+                "action_type": object(),
+                "action_id": object(),
+            }
+
     @defer.inlineCallbacks
     def get_access_token_for_user_id(
         self, user_id: str, device_id: Optional[str], valid_until_ms: Optional[int]
diff --git a/tests/rest/client/v2_alpha/test_auth.py b/tests/rest/client/v2_alpha/test_auth.py
index b6df1396ad66..3e9edc368083 100644
--- a/tests/rest/client/v2_alpha/test_auth.py
+++ b/tests/rest/client/v2_alpha/test_auth.py
@@ -104,7 +104,7 @@ def test_fallback_captcha(self):
         )
         self.render(request)
 
-        # Now we should have fufilled a complete auth flow, including
+        # Now we should have fulfilled a complete auth flow, including
         # the recaptcha fallback step, we can then send a
         # request to the register API with the session in the authdict.
         request, channel = self.make_request(
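Review bot: The comment `# Blow away the session so it can not be re-used.` overstates what the call on the next line does: `_invalidate_session` (added in the following hunk) only replaces the session's `ui_auth` entry with sentinel values and leaves the entry in `self.sessions`, so the `session["id"]` returned right after still resolves to a live session dict. A comment that matches the mechanism would be `# Mark the UI-auth session as consumed: its ui_auth parameters are replaced with values no later request can match.` check_auth begins before this hunk and continues after it, so whether other paths also hand out credentials without reaching this call cannot be judged from here.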
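Review bot: `_invalidate_session` silently does nothing when the session exists but carries no `ui_auth` key, so such a session stays fully reusable after `check_auth` has already returned credentials for it; whether every session reaching that return has `ui_auth` is not visible here and is worth confirming, and if it does not, removing the entry from `self.sessions` or recording an explicit consumed flag would presumably be the more robust invalidation. The parameter should be annotated `session_id: str` to match the neighbouring `_get_session_info(self, session_id: Optional[str])`, and `self.sessions.get(session_id, None)` can drop the redundant default. The docstring should also state the mechanism, e.g. `"""Replace the ui_auth parameters of a UI-auth session with sentinel objects so no later request can equal them."""`, since `object()` sentinels compare by identity and that is what makes the check fail afterwards.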