diff --git a/app/controllers/shared/api.php b/app/controllers/shared/api.php
index f3f41962e5..0f156f9dd8 100644
--- a/app/controllers/shared/api.php
+++ b/app/controllers/shared/api.php
@@ -329,7 +329,7 @@ App::shutdown()
         $route = $utopia->match($request);
         $event = $route->getLabel('event', '');
         if ($event === 'users.[userId].sessions.[sessionId].create' && $project->getId() != 'console') {
-            $sessionLimit = $project->getAttribute('auth', [])['maxSessions'] ?? APP_LIMIT_USER_SESSIONS;
+            $sessionLimit = $project->getAttribute('auths', [])['maxSessions'] ?? APP_LIMIT_USER_SESSIONS;
             $session = $response->getPayload();
             $userId = $session['userId'] ?? '';
             if (empty($userId)) {
@@ -348,7 +348,7 @@ App::shutdown()
             }
 
             for ($i = 0; $i < ($count - $sessionLimit); $i++) {
-                $session = array_pop($sessions);
+                $session = array_shift($sessions);
                 $dbForProject->deleteDocument('sessions', $session->getId());
             }
             $dbForProject->deleteCachedDocument('users', $userId);
diff --git a/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php b/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php
index 57ccd6d893..9c4f693e24 100644
--- a/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php
+++ b/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php
@@ -960,6 +960,9 @@ class ProjectsConsoleClientTest extends Scope
         $sessionCookie = $response['headers']['set-cookie'];
         $sessionId2 = $response['body']['$id'];
 
+        // request was called in parallel and test failed
+        sleep(5);
+
         /**
          * List sessions
          */
@@ -976,7 +979,6 @@ class ProjectsConsoleClientTest extends Scope
         $this->assertEquals(1, count($sessions));
         $this->assertEquals($sessionId2, $sessions[0]['$id']);
 
-
         return $data;
     }