diff --git a/.changeset/large-pans-dance.md b/.changeset/large-pans-dance.md
new file mode 100644
index 0000000000..9aa01aff6b
--- /dev/null
+++ b/.changeset/large-pans-dance.md
@@ -0,0 +1,5 @@
+---
+"@directus/api": patch
+---
+
+Fixed an issue where calling `/random/string` with an invalid length param could prevent creation of valid sessions until next restart
diff --git a/api/src/controllers/utils.ts b/api/src/controllers/utils.ts
index f74ae3e8bc..7ef966d4f6 100644
--- a/api/src/controllers/utils.ts
+++ b/api/src/controllers/utils.ts
@@ -14,18 +14,20 @@ import { sanitizeQuery } from '../utils/sanitize-query.js';
 
 const router = Router();
 
+const randomStringSchema = Joi.object<{ length: number }>({
+ length: Joi.number().integer().min(1).max(500).default(32),
+});
+
 router.get(
 '/random/string',
 asyncHandler(async (req, res) => {
 const { nanoid } = await import('nanoid');
 
- if (req.query && req.query['length'] && Number(req.query['length']) > 500) {
- throw new InvalidQueryError({ reason: `"length" can't be more than 500 characters` });
- }
+ const { error, value } = randomStringSchema.validate(req.query, { allowUnknown: true });
 
- const string = nanoid(req.query?.['length'] ? Number(req.query['length']) : 32);
+ if (error) throw new InvalidQueryError({ reason: error.message });
 
- return res.json({ data: string });
+ return res.json({ data: nanoid(value.length) });
 }),
 );
 
diff --git a/api/src/services/graphql/index.ts b/api/src/services/graphql/index.ts
index aaa8bb8829..74a9c82396 100644
--- a/api/src/services/graphql/index.ts
+++ b/api/src/services/graphql/index.ts
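Review bot: The new `randomStringSchema` carries no comment on why `.integer().min(1)` matters, and the removed lines show the old code forwarded NaN or negative values (anything not `> 500`) straight into `nanoid`, which the changeset says could block session creation until restart, so a later loosening of the bounds would silently reintroduce that. Add above the schema: `// .integer().min(1).max(500) is a safety invariant, not just an API limit: nanoid must only ever receive a safe integer size (an invalid length previously broke session token generation until restart).` The `value.length` read also assumes `validate()` returned an object; the old code guarded on `req.query &&`, so if `req.query` can ever be undefined on this path, `Joi.object<{ length: number }>({ ... }).default({})` keeps the key default applied instead of throwing a TypeError.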
@@ -2536,11 +2536,11 @@ export class GraphQLService {
 resolve: async (_, args) => {
 const { nanoid } = await import('nanoid');
 
- if (args['length'] && Number(args['length']) > 500) {
- throw new InvalidPayloadError({ reason: `"length" can't be more than 500 characters` });
+ if (args['length'] !== undefined && (args['length'] < 1 || args['length'] > 500)) {
+ throw new InvalidPayloadError({ reason: `"length" must be between 1 and 500` });
 }
 
- return nanoid(args['length'] ? Number(args['length']) : 32);
+ return nanoid(args['length'] ? args['length'] : 32);
 },
 },
 utils_hash_generate: {
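Review bot: The `!== undefined` guard on the first added line lets an explicit `length: null` reach the range comparison, where `null < 1` is true, so an argument that fell back to 32 under the old `args['length'] &&` check now errors with "must be between 1 and 500"; whether the schema declares the argument nullable is outside the hunk, but if it does, use `if (args['length'] != null && (args['length'] < 1 || args['length'] > 500)) {` and `return nanoid(args['length'] ?? 32);` so null and undefined behave alike. Dropping `Number()` also presumes the argument is declared as a GraphQL Int, since unlike the REST side's Joi schema nothing here enforces an integer; that declaration is likewise outside the hunk. The REST and GraphQL paths now encode the same 1–500 limit and 32 default separately, so a shared constant or reuse of the Joi schema would keep them from drifting. The resolver and the enclosing class continue outside the hunk.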