diff --git a/samples/blazor-server/CodeBeam.UltimateAuth.Sample.BlazorServer.EFCore/uauth.db-shm b/samples/blazor-server/CodeBeam.UltimateAuth.Sample.BlazorServer.EFCore/uauth.db-shm
index f64b9c90..1c694283 100644
Binary files a/samples/blazor-server/CodeBeam.UltimateAuth.Sample.BlazorServer.EFCore/uauth.db-shm and b/samples/blazor-server/CodeBeam.UltimateAuth.Sample.BlazorServer.EFCore/uauth.db-shm differ
diff --git a/samples/blazor-server/CodeBeam.UltimateAuth.Sample.BlazorServer.EFCore/uauth.db-wal b/samples/blazor-server/CodeBeam.UltimateAuth.Sample.BlazorServer.EFCore/uauth.db-wal
index 05f8b783..b5380fc8 100644
Binary files a/samples/blazor-server/CodeBeam.UltimateAuth.Sample.BlazorServer.EFCore/uauth.db-wal and b/samples/blazor-server/CodeBeam.UltimateAuth.Sample.BlazorServer.EFCore/uauth.db-wal differ
diff --git a/src/CodeBeam.UltimateAuth.Server/Flows/Login/LoginOrchestrator.cs b/src/CodeBeam.UltimateAuth.Server/Flows/Login/LoginOrchestrator.cs
index 54c018d5..1b353d97 100644
--- a/src/CodeBeam.UltimateAuth.Server/Flows/Login/LoginOrchestrator.cs
+++ b/src/CodeBeam.UltimateAuth.Server/Flows/Login/LoginOrchestrator.cs
@@ -131,8 +131,15 @@ public async Task LoginAsync(AuthFlowContext flow, LoginRequest req
 {
 var chain = await sessionStore.GetChainByDeviceAsync(userKey.Value, deviceId, ct);
- if (chain is not null && !chain.IsRevoked)
- chainId = chain.ChainId;
+ if (chain is not null)
+ {
+ var chainState = chain.GetState(now, _options.Session.IdleTimeout);
+
+ if (chainState == SessionState.Active)
+ {
+ chainId = chain.ChainId;
+ }
+ }
 }
 // TODO: Add accountState here, currently it only checks factor state
diff --git a/src/CodeBeam.UltimateAuth.Server/Infrastructure/Issuers/UAuthSessionIssuer.cs b/src/CodeBeam.UltimateAuth.Server/Infrastructure/Issuers/UAuthSessionIssuer.cs
index 38cf330d..343bac0c 100644
--- a/src/CodeBeam.UltimateAuth.Server/Infrastructure/Issuers/UAuthSessionIssuer.cs
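Review bot: Dropping the explicit `!chain.IsRevoked` guard means reuse of a revoked chain now rests entirely on `GetState` folding revocation into the value it returns; `GetState` is not visible here, so confirm that a revoked chain can never report `SessionState.Active`, or keep the revoked check alongside the state check rather than replacing it. `now` is not defined in the hunk (LoginAsync begins before it), so it is presumably captured earlier — it should be the same instant later used to stamp the new session, otherwise a chain judged active here can already be idle-expired by the time it is issued. A comment above the new `if` would make the intent explicit, e.g. `// Re-bind the device's existing chain only while it is active (not revoked, not idle-expired); otherwise a new chain is started.` Separately, this commit also updates the sample's `uauth.db-wal`/`uauth.db-shm` files; SQLite WAL/shm side-files are runtime artefacts of the auth database and are better gitignored than committed.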
+++ b/src/CodeBeam.UltimateAuth.Server/Infrastructure/Issuers/UAuthSessionIssuer.cs
@@ -92,8 +92,13 @@ await kernel.ExecuteAsync(async _ =>
 //chain = await kernel.GetChainAsync(context.ChainId.Value)
 // ?? throw new UAuthNotFoundException("Chain not found.");
- if (chain.IsRevoked)
- throw new UAuthValidationException("Chain revoked.");
+ var chainState = chain.GetState(now, _options.Session.IdleTimeout);
+
+ if (chainState != SessionState.Active)
+ throw new UAuthValidationException("Chain is not active.");
+
+ //if (chain.IsRevoked)
+ // throw new UAuthValidationException("Chain revoked.");
 if (chain.UserKey != context.UserKey || chain.Tenant != context.Tenant)
 throw new UAuthValidationException("Invalid chain ownership.");
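Review bot: The new state check is evaluated before the ownership check that follows it, so a caller presenting a chain it does not own gets `Chain is not active.` rather than `Invalid chain ownership.` — if these messages are surfaced to the client that is a small oracle on other users' chain state; verify ownership first by moving `if (chain.UserKey != context.UserKey || chain.Tenant != context.Tenant)` above `var chainState = chain.GetState(now, _options.Session.IdleTimeout);`, or give both failures one generic message. As in the login path, rejecting revoked chains now depends on `GetState` never returning `SessionState.Active` for a revoked chain, which the hunk cannot show; confirm it, or keep the explicit revoked check live instead of commenting it out. The commented-out `//if (chain.IsRevoked)` pair and the older `//chain = await kernel.GetChainAsync` lines are dead text and should be deleted. The lambda passed to `kernel.ExecuteAsync` starts and ends outside the hunk, so where `now` comes from cannot be checked here.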