diff --git a/src/GoTrueClient.ts b/src/GoTrueClient.ts
index 88bedadcc..0969ee82b 100644
--- a/src/GoTrueClient.ts
+++ b/src/GoTrueClient.ts
@@ -1113,7 +1113,7 @@ export default class GoTrueClient {
 if (!hasExpired) {
 if (this.storage.isServer) {
- const suppressWarning = this.suppressGetSessionWarning
+ let suppressWarning = this.suppressGetSessionWarning
 const proxySession: Session = new Proxy(currentSession, {
 get(target: any, prop: string, receiver: any) {
 if (!suppressWarning && prop === 'user') {
@@ -1121,6 +1121,7 @@ export default class GoTrueClient {
 console.warn(
 'Using the user object as returned from supabase.auth.getSession() or from some supabase.auth.onAuthStateChange() events could be insecure! This value comes directly from the storage medium (usually cookies on the server) and many not be authentic. Use supabase.auth.getUser() instead which authenticates the data by contacting the Supabase Auth server.'
 )
+ suppressWarning = true
 }
 return Reflect.get(target, prop, receiver)
 },
diff --git a/test/GoTrueClient.test.ts b/test/GoTrueClient.test.ts
index ec5ac3d1a..b06ba262f 100644
--- a/test/GoTrueClient.test.ts
+++ b/test/GoTrueClient.test.ts
@@ -974,6 +974,10 @@ describe('GoTrueClient with storageisServer = true', () => {
 'Using the user object as returned from supabase.auth.getSession() '
 )
 ).toEqual(true)
+
+ const user2 = session?.user // accessing the user object a second time should not emit another warning
+ expect(user2).not.toBeNull()
+ expect(warnings.length).toEqual(1)
 })
 
 test('getSession emits no warnings if getUser is called prior', async () => {
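Review bot: The flag flipped by `suppressWarning = true` in the second GoTrueClient.ts hunk is the closure-local copy introduced by `let suppressWarning = this.suppressGetSessionWarning` in the first hunk, so the warning is deduplicated per proxied session object, not per client: every `getSession()` call that builds a new proxy still warns once on the first `.user` read, and `this.suppressGetSessionWarning` is never updated by this path. That looks intentional (the unauthenticated-storage caveat remains visible to whoever first reads `user` from each returned session), but it is easy to misread, so a comment at the `let` would help, e.g. `// Local to this proxy: warn once per returned session object; later reads of .user on the same proxy stay quiet.` The `get` trap keeps its pre-existing `any` parameters, and the context line's message reads `many not be authentic`, which presumably should be `may not be authentic`. The enclosing method body starts and ends outside these hunks.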
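Review bot: In the test hunk, `expect(user2).not.toBeNull()` does not establish that the second read went through the proxy: if `session` were ever undefined here, `session?.user` evaluates to `undefined`, which is not `null`, and the assertion still passes. `expect(user2).toBeDefined()` (or an explicit `expect(session).not.toBeNull()` followed by `session.user`) pins the intended second access, and the trailing `expect(warnings.length).toEqual(1)` then carries the actual regression check for the once-per-proxy behaviour. The enclosing test callback begins before the hunk.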