diff --git a/simulate-nis2.php b/simulate-nis2.php
index 00282f6..6b134ec 100644
--- a/simulate-nis2.php
+++ b/simulate-nis2.php
@@ -260,6 +260,19 @@ function ensureUser(string $firstName, string $lastName, string $email, string $
         return $jwt;
     }
 
+    // Ultimo tentativo: se register fallisce per "email già registrata" (utente inserito da
+    // dbSeedUser ma login aveva fallito per motivo transitorio), riprova il login.
+    $regMsg = strtolower($regRes['message'] ?? '');
+    if (str_contains($regMsg, 'registrat') || str_contains($regMsg, 'esiste') || $regRes['_http'] === 409) {
+        $retryLogin = api('POST', '/auth/login', ['email' => $email, 'password' => $password]);
+        if (!empty($retryLogin['data']['access_token'])) {
+            $jwt = $retryLogin['data']['access_token'];
+            $S['users'][$email] = ['jwt' => $jwt, 'id' => $retryLogin['data']['user']['id'] ?? null];
+            ok("Login (retry): $email");
+            return $jwt;
+        }
+    }
+
     fail("Registrazione fallita per $email: " . ($regRes['message'] ?? 'errore'));
     return null;
 }
@@ -697,9 +710,18 @@ function autoResetDemo(): void
 
     $pdo->exec('SET FOREIGN_KEY_CHECKS=1');
 
+    // Pulisce i file rate limit (register + login) per permettere re-esecuzione immediata
+    $rateDir = '/tmp/nis2_ratelimit/';
+    $cleared = 0;
+    if (is_dir($rateDir)) {
+        foreach (glob($rateDir . '*.json') ?: [] as $f) {
+            if (@unlink($f)) $cleared++;
+        }
+    }
+
     // Verifica org rimaste
     $orgCount = $pdo->query('SELECT COUNT(*) FROM organizations')->fetchColumn();
-    simLog("Auto-reset completato — {$deleted} record rimossi, {$orgCount} org base mantenute", 'ok');
+    simLog("Auto-reset completato — {$deleted} record rimossi, {$orgCount} org base mantenute" . ($cleared ? ", {$cleared} rate-limit file rimossi" : ''), 'ok');
 }
 
 // ────────────────────────────────────────────────────────────────────────────