diff --git a/packages/cli/src/auth/auth.service.ts b/packages/cli/src/auth/auth.service.ts
index 636c5a27abff0..9032b446de6a0 100644
--- a/packages/cli/src/auth/auth.service.ts
+++ b/packages/cli/src/auth/auth.service.ts
@@ -150,7 +150,7 @@ export class AuthService {
 
 		if (jwtPayload.exp * 1000 - Date.now() < this.jwtRefreshTimeout) {
 			this.logger.debug('JWT about to expire. Will be refreshed');
-			this.issueCookie(res, user, jwtPayload.browserId);
+			this.issueCookie(res, user, req.browserId);
 		}
 
 		return user;
diff --git a/packages/cli/test/unit/auth/auth.service.test.ts b/packages/cli/test/unit/auth/auth.service.test.ts
index e7106c51d7b73..60fdd121266db 100644
--- a/packages/cli/test/unit/auth/auth.service.test.ts
+++ b/packages/cli/test/unit/auth/auth.service.test.ts
@@ -202,6 +202,13 @@ describe('AuthService', () => {
 				sameSite: 'lax',
 				secure: false,
 			});
+
+			const newToken = res.cookie.mock.calls[0].at(1);
+			expect(newToken).not.toBe(validToken);
+			expect(await authService.resolveJwt(newToken, req, res)).toEqual(user);
+			expect((jwt.decode(newToken) as jwt.JwtPayload).browserId).toEqual(
+				(jwt.decode(validToken) as jwt.JwtPayload).browserId,
+			);
 		});
 
 		it('should refresh the cookie only if less than 1/4th of time is left', async () => {