diff --git a/weed/iam/sts/session_claims_test.go b/weed/iam/sts/session_claims_test.go
index 6ea5e3da5..fffe54a64 100644
--- a/weed/iam/sts/session_claims_test.go
+++ b/weed/iam/sts/session_claims_test.go
@@ -179,13 +179,11 @@ func TestSTSSessionClaimsToSessionInfoCredentialExpiration(t *testing.T) {
 			assert.True(t, sessionInfo.Credentials.Expiration.Sub(tc.expiresAt) < time.Second)
 
 			// We set tc.expiresAt to past/future values to exercise expiration handling.
-			// Use helper methods to assert expiration behavior on both SessionInfo and Credentials.
+			// Assert the credentials' expiration relative to now to exercise code behavior
 			if tc.expectNotExpired {
-				assert.False(t, sessionInfo.IsExpired(), tc.description)
-				assert.False(t, sessionInfo.Credentials.IsExpired(), tc.description)
+				assert.True(t, time.Now().Before(sessionInfo.Credentials.Expiration), tc.description)
 			} else {
-				assert.True(t, sessionInfo.IsExpired(), tc.description)
-				assert.True(t, sessionInfo.Credentials.IsExpired(), tc.description)
+				assert.True(t, time.Now().After(sessionInfo.Credentials.Expiration), tc.description)
 			}
 		})
 	}
diff --git a/weed/s3api/auth_signature_v4.go b/weed/s3api/auth_signature_v4.go
index 18367aa81..66a22c52c 100644
--- a/weed/s3api/auth_signature_v4.go
+++ b/weed/s3api/auth_signature_v4.go
@@ -384,7 +384,7 @@ func (iam *IdentityAccessManagement) validateSTSSessionToken(r *http.Request, se
 		PrincipalArn: sessionInfo.Principal,
 	}
 
-	glog.V(2).Infof("Successfully validated STS session token for principal: %s, assumed role user: %s", 
+	glog.V(2).Infof("Successfully validated STS session token for principal: %s, assumed role user: %s",
 		sessionInfo.Principal, sessionInfo.AssumedRoleUser)
 	return identity, cred, s3err.ErrNone
 }