diff --git a/CHANGELOG.md b/CHANGELOG.md
index ea41c10..dac757f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,11 @@
 - Now requires PHP `8.2.0+`.
 - Now requires Craft `5.0.0-beta.1+`.
 
+## 4.0.9 - 2024-04-05
+
+### Added
+- Add improved session-handling for authorization and callback methods, to improve failed sessions in some cases.
+
 ## 4.0.8 - 2023-12-08
 
 ### Fixed
diff --git a/composer.json b/composer.json
index e6a7729..f1aa872 100644
--- a/composer.json
+++ b/composer.json
@@ -27,7 +27,7 @@
     "require": {
         "php": "^8.2",
         "craftcms/cms": "^5.0.0-beta.1",
-        "verbb/auth": "^2.0.0-beta.1",
+        "verbb/auth": "^2.0.0-beta.2",
         "verbb/base": "^3.0.0-beta.1"
     },
     "autoload": {
diff --git a/docs/developers/account-provider.md b/docs/developers/account-provider.md
index 7b3a37d..4b26ee8 100644
--- a/docs/developers/account-provider.md
+++ b/docs/developers/account-provider.md
@@ -97,4 +97,4 @@ class MyAccountProvider extends OAuthAccount
 
 This is the minimum amount of implementation required for a typical account provider.
 
-Social Poster account provider are built around the [Auth](https://github.com/verbb/auth) which in turn in built around [league/oauth2-client](https://github.com/thephpleague/oauth2-client). You can see that the `getOAuthProviderClass()` must return a `League\OAuth2\Client\Provider\AbstractProvider` class.
+Social Poster account provider are built around the [Auth](https://github.com/verbb/auth) which in turn is built around [league/oauth2-client](https://github.com/thephpleague/oauth2-client). You can see that the `getOAuthProviderClass()` must return a `League\OAuth2\Client\Provider\AbstractProvider` class.
diff --git a/src/controllers/AuthController.php b/src/controllers/AuthController.php
index 716a18b..e95c7e9 100644
--- a/src/controllers/AuthController.php
+++ b/src/controllers/AuthController.php
@@ -61,6 +61,10 @@ public function actionConnect(): ?Response
 
     public function actionCallback(): ?Response
     {
+
+        // Restore the session data that we saved before authorization redirection from the cache back to session
+        Session::restoreSession($this->request->getParam('state'));
+        
         // Get both the origin (failure) and redirect (success) URLs
         $origin = Session::get('origin');
         $redirect = Session::get('redirect');
diff --git a/src/migrations/Install.php b/src/migrations/Install.php
index 304f96f..e63c810 100644
--- a/src/migrations/Install.php
+++ b/src/migrations/Install.php
@@ -14,7 +14,6 @@ class Install extends Migration
     public function safeUp(): bool
     {
         // Ensure that the Auth module kicks off setting up tables
-        // Use `Auth::getInstance()` not `Auth::$plugin` as it doesn't seem to work well in migrations
         Auth::getInstance()->migrator->up();
 
         $this->createTables();
@@ -30,7 +29,6 @@ public function safeDown(): bool
         $this->dropTables();
 
         // Delete all tokens for this plugin
-        // Use `Auth::getInstance()` not `Auth::$plugin` as it doesn't seem to work well in migrations
         Auth::getInstance()->getTokens()->deleteTokensByOwner('social-poster');
 
         return true;