diff --git a/apps/web/src/app/api/trpc/[trpc]/route.ts b/apps/web/src/app/api/trpc/[trpc]/route.ts
index b0b1779..1c9c1b0 100644
--- a/apps/web/src/app/api/trpc/[trpc]/route.ts
+++ b/apps/web/src/app/api/trpc/[trpc]/route.ts
@@ -26,7 +26,9 @@ const handler = async (req: NextRequest) => {
   // Validate active session registry on every authenticated request.
   // Sessions kicked by concurrent-session limits or manual logout are rejected immediately.
   // Fail-open: if the table doesn't exist yet (pending migration) the check is skipped.
-  if (session?.user) {
+  // In E2E test mode the jwt callback skips registration, so skip validation too.
+  const isE2eTestMode = process.env["E2E_TEST_MODE"] === "true";
+  if (session?.user && !isE2eTestMode) {
     const jti = (session.user as typeof session.user & { jti?: string }).jti;
     if (jti) {
       try {
diff --git a/apps/web/src/server/auth.ts b/apps/web/src/server/auth.ts
index 53c33b0..68b95e7 100644
--- a/apps/web/src/server/auth.ts
+++ b/apps/web/src/server/auth.ts
@@ -170,6 +170,12 @@ const authConfig = {
       const jti = crypto.randomUUID();
       token.sid = jti;
 
+      // Skip active-session registration in E2E test mode.
+      // Test logins must not pollute the active_sessions table — doing so
+      // kicks real user sessions when the concurrent-session limit is reached.
+      const isE2eTestMode = process.env["E2E_TEST_MODE"] === "true";
+      if (isE2eTestMode) return token;
+
       // Enforce concurrent session limit (kick-oldest strategy)
       try {
         const settings = await prisma.systemSettings.findUnique({
diff --git a/docker-compose.yml b/docker-compose.yml
index 69b4481..09a2152 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
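Review bot: The new `isE2eTestMode` guard on the `if (session?.user && !isE2eTestMode)` line disables the active-session revocation check for every request whenever `E2E_TEST_MODE=true` is present in the process environment, with nothing tying it to a test or non-production build; the docker-compose.yml hunk in this same commit sets that variable unconditionally on the web service, so a stack started from that file will keep accepting sessions that were kicked or logged out. The same unguarded flag is computed again in the auth.ts hunk. Consider gating it on the build, e.g. `const isE2eTestMode = process.env["E2E_TEST_MODE"] === "true" && process.env.NODE_ENV !== "production";`, and defining it once in a shared module so the two call sites cannot drift apart. The handler body continues outside the hunk.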
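Review bot: The early `if (isE2eTestMode) return token;` leaves the jwt callback as a whole, not just the concurrent-session block, so any work the callback performs after the `try` (outside this hunk) is skipped for test logins too; the preceding `token.sid = jti;` still runs, so test tokens carry a `sid` that is never registered. If the callback does more after the limit enforcement, wrapping that block in `if (!isE2eTestMode) { … }` keeps the bypass scoped to registration only. The flag computation duplicates the one in the route.ts hunk. The jwt callback starts and ends outside the hunk.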
@@ -52,10 +52,16 @@ services:
     ports:
       - "3100:3100"
     environment:
-      DATABASE_URL: ${DATABASE_URL:-postgresql://capakraken:capakraken_dev@postgres:5432/capakraken}
+      # Always use the Docker-internal service name. The host-level DATABASE_URL
+      # (localhost:5433) must not bleed into the container where "localhost" is
+      # the container itself, not the host.
+      DATABASE_URL: postgresql://capakraken:capakraken_dev@postgres:5432/capakraken
       REDIS_URL: ${REDIS_URL:-redis://redis:6379}
       NEXTAUTH_URL: ${NEXTAUTH_URL:-http://localhost:3100}
       NEXTAUTH_SECRET: ${NEXTAUTH_SECRET:?set NEXTAUTH_SECRET}
+      # Bypass auth + API rate limiters so E2E test runs don't exhaust
+      # per-user quotas and don't pollute active_sessions for real users.
+      E2E_TEST_MODE: "true"
     depends_on:
       postgres:
         condition: service_healthy
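Review bot: `E2E_TEST_MODE: "true"` is hard-coded on the web service in the base docker-compose.yml, so every stack started from this file runs with session registration and validation (the auth.ts and route.ts hunks) and, per the new comment, the rate limiters disabled, not only E2E runs. Prefer an opt-in default in the style the file already uses, `E2E_TEST_MODE: ${E2E_TEST_MODE:-false}`, or move the setting into a test-only override file, so the base compose cannot be reused for a real deployment with the bypass active. The rate-limiter bypass the comment mentions is not part of this diff, so whether it keys off the same variable cannot be confirmed here.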