diff --git a/app/views/users/change_password.html.erb b/app/views/users/change_password.html.erb
index 9e08ff70e..bda7ecda0 100644
--- a/app/views/users/change_password.html.erb
+++ b/app/views/users/change_password.html.erb
@@ -5,7 +5,7 @@
     <%= simple_form_for :user,
                         url: update_password_path,
                         method: :post,
-                        html: { class: "space-y-4" } do |f| %>
+                        html: { class: "space-y-4", data: { turbo: false } } do |f| %>
       <!-- CURRENT PASSWORD -->
       <div data-controller="password-toggle" class="input password required mb-4">
         <label class="password required block font-medium mb-1 text-gray-700" for="user_current_password">Current password <abbr title="required">*</abbr></label>
@@ -26,16 +26,6 @@
           </button>
         </div>
       </div>
-      <p class="text-gray-500 text-sm mt-1">
-        Don't remember your password?
-        <%= link_to "Log out and reset it.",
-                    destroy_user_session_path(reset_password: true),
-                    class: "action-link-text text-black-300 underline hover:text-blue-600",
-                    data: {
-                      turbo_method: :delete,
-                      turbo_confirm: "This will log you out and send you to the password reset page. Continue?"
-                    } %>
-      </p>
       <!-- NEW PASSWORD -->
       <div data-controller="password-toggle" class="input password required mb-4 mt-6 pt-6">
         <label class="password required block font-medium mb-1 text-gray-700" for="change-password-new-password">New password <abbr title="required">*</abbr></label>
@@ -84,5 +74,15 @@
         <%= f.submit "Change Password", class: "btn btn-primary" %>
       </div>
     <% end %>
+    <p class="text-gray-500 text-sm mt-4">
+      Don't remember your password?
+      <%= link_to "Log out and reset it.",
+                  destroy_user_session_path(reset_password: true),
+                  class: "action-link-text text-black-300 underline hover:text-blue-600",
+                  data: {
+                    turbo_method: :delete,
+                    turbo_confirm: "This will log you out and send you to the password reset page. Continue?"
+                  } %>
+    </p>
   </div>
 </div>
diff --git a/spec/views/users/change_password.html.erb_spec.rb b/spec/views/users/change_password.html.erb_spec.rb
index cceaacd7b..31cddfff9 100644
--- a/spec/views/users/change_password.html.erb_spec.rb
+++ b/spec/views/users/change_password.html.erb_spec.rb
@@ -29,6 +29,15 @@
     expect(rendered).to have_field("New password confirmation", type: :password)
   end
 
+  it "submits the password update outside Turbo to avoid the auth-cookie redirect race" do
+    expect(rendered).to have_css('form[data-turbo="false"]')
+  end
+
+  it "keeps the logout-and-reset link outside the non-Turbo password form" do
+    expect(rendered).to have_link("Log out and reset it.", href: destroy_user_session_path(reset_password: true))
+    expect(rendered).not_to have_css('form a', text: "Log out and reset it.")
+  end
+
   it "has a submit button" do
     expect(rendered).to have_button("Change Password")
   end