diff --git a/internal/api/oidc/auth_request.go b/internal/api/oidc/auth_request.go
index 5053f7c1af..de6ce3c794 100644
--- a/internal/api/oidc/auth_request.go
+++ b/internal/api/oidc/auth_request.go
@@ -555,7 +555,7 @@ func (s *Server) authResponseToken(authReq *AuthRequest, authorizer op.Authorize
 		authReq.AuthTime,
 		authReq.GetNonce(),
 		authReq.PreferredLanguage,
-		authReq.BrowserInfo.ToUserAgent(),
+		authReq.ToUserAgent(),
 		domain.TokenReasonAuthRequest,
 		nil,
 		slices.Contains(scope, oidc.ScopeOfflineAccess),
diff --git a/internal/api/oidc/token_code.go b/internal/api/oidc/token_code.go
index 2e47c55641..b4705e9f2c 100644
--- a/internal/api/oidc/token_code.go
+++ b/internal/api/oidc/token_code.go
@@ -81,7 +81,7 @@ func (s *Server) codeExchangeV1(ctx context.Context, client *Client, req *oidc.A
 		authReq.AuthTime,
 		authReq.GetNonce(),
 		authReq.PreferredLanguage,
-		authReq.BrowserInfo.ToUserAgent(),
+		authReq.ToUserAgent(),
 		domain.TokenReasonAuthRequest,
 		nil,
 		slices.Contains(scope, oidc.ScopeOfflineAccess),
diff --git a/internal/api/ui/login/device_auth.go b/internal/api/ui/login/device_auth.go
index 0d5349903e..ca26fb956b 100644
--- a/internal/api/ui/login/device_auth.go
+++ b/internal/api/ui/login/device_auth.go
@@ -162,7 +162,7 @@ func (l *Login) handleDeviceAuthAction(w http.ResponseWriter, r *http.Request) {
 	action := mux.Vars(r)["action"]
 	switch action {
 	case deviceAuthAllowed:
-		_, err = l.command.ApproveDeviceAuth(r.Context(), authDev.DeviceCode, authReq.UserID, authReq.UserOrgID, authReq.UserAuthMethodTypes(), authReq.AuthTime, authReq.PreferredLanguage, authReq.BrowserInfo.ToUserAgent())
+		_, err = l.command.ApproveDeviceAuth(r.Context(), authDev.DeviceCode, authReq.UserID, authReq.UserOrgID, authReq.UserAuthMethodTypes(), authReq.AuthTime, authReq.PreferredLanguage, authReq.ToUserAgent())
 	case deviceAuthDenied:
 		_, err = l.command.CancelDeviceAuth(r.Context(), authDev.DeviceCode, domain.DeviceAuthCanceledDenied)
 	default:
diff --git a/internal/domain/browser_info.go b/internal/domain/browser_info.go
index 7261cb3e6e..fd0073183f 100644
--- a/internal/domain/browser_info.go
+++ b/internal/domain/browser_info.go
@@ -23,14 +23,15 @@ func BrowserInfoFromRequest(r *net_http.Request) *BrowserInfo {
 	}
 }
 
-func (b *BrowserInfo) ToUserAgent() *UserAgent {
-	if b == nil {
-		return nil
+func (a *AuthRequest) ToUserAgent() *UserAgent {
+	agent := &UserAgent{
+		FingerprintID: &a.AgentID,
 	}
-	return &UserAgent{
-		FingerprintID: &b.UserAgent,
-		IP:            b.RemoteIP,
-		Description:   &b.UserAgent,
-		Header:        b.Header,
+	if a.BrowserInfo == nil {
+		return agent
 	}
+	agent.IP = a.BrowserInfo.RemoteIP
+	agent.Description = &a.BrowserInfo.UserAgent
+	agent.Header = a.BrowserInfo.Header
+	return agent
 }
diff --git a/internal/user/repository/view/user_sessions_by_user_agent.sql b/internal/user/repository/view/user_sessions_by_user_agent.sql
index d5f5191863..476f43ba81 100644
--- a/internal/user/repository/view/user_sessions_by_user_agent.sql
+++ b/internal/user/repository/view/user_sessions_by_user_agent.sql
@@ -22,6 +22,6 @@ FROM auth.user_sessions s
          LEFT JOIN projections.users13 u ON s.user_id = u.id AND s.instance_id = u.instance_id
          LEFT JOIN projections.users13_humans h ON s.user_id = h.user_id AND s.instance_id = h.instance_id
          LEFT JOIN projections.login_names3 l ON s.user_id = l.user_id AND s.instance_id = l.instance_id AND l.is_primary = true
-WHERE (s.user_agent_id = $1)
+WHERE (s.user_agent_id = $1 and s.user_agent_id <> '')
   AND (s.instance_id = $2)
 ;
\ No newline at end of file