diff --git a/src/routes/demo.py b/src/routes/demo.py
index afae7cf..c4b3b15 100644
--- a/src/routes/demo.py
+++ b/src/routes/demo.py
@@ -141,7 +141,14 @@ async def step1(request: Request):
     Fetches an app-level token with scope 'user:create,authorization:grant'.
     Docs: https://docs.tink.com/api#connectivity/oauth/create-an-oauth-token
     """
-    sess = _session(request)
+    # Step 1 always starts a clean session — equivalent to reset
+    old_sid = request.session.get("demo", {}).get("sid", "")
+    if old_sid:
+        _token_store.pop(old_sid, None)
+        _callback_locks.pop(old_sid, None)
+    request.session.pop("demo", None)
+
+    sess = _session(request)  # creates a fresh demo dict with a new sid
     client = _client(log_cb=_logger(sess))
     s = get_settings()
     error = None