diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/LoginLockManager.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/LoginLockManager.java
index aa49484e8b923..6015d1d538f91 100644
--- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/LoginLockManager.java
+++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/auth/LoginLockManager.java
@@ -314,8 +314,11 @@ public void cleanExpiredLocks() {
               // Remove outdated failures
               info.removeOldFailures(cutoffTime);
               if (info.getFailureCount() == 0) {
-                String[] parts = entry.getKey().split("@");
-                LOGGER.info(DataNodeMiscMessages.IP_UNLOCKED_EXPIRED, parts[1], parts[0]);
+                final String[] parts = entry.getKey().split("@", 2);
+                LOGGER.info(
+                    DataNodeMiscMessages.IP_UNLOCKED_EXPIRED,
+                    parts.length == 2 ? parts[1] : "",
+                    parts.length >= 1 ? parts[0] : "");
                 return true;
               }
               return false;
diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/session/SessionManager.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/session/SessionManager.java
index c84ed06bb4b8d..b3fa3c049f363 100644
--- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/session/SessionManager.java
+++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/protocol/session/SessionManager.java
@@ -48,6 +48,7 @@
 import org.apache.iotdb.rpc.TSStatusCode;
 import org.apache.iotdb.service.rpc.thrift.TSConnectionInfo;
 import org.apache.iotdb.service.rpc.thrift.TSConnectionInfoResp;
+import org.apache.iotdb.service.rpc.thrift.TSConnectionType;
 import org.apache.iotdb.service.rpc.thrift.TSProtocolVersion;
 
 import org.apache.tsfile.external.commons.lang3.StringUtils;
@@ -138,7 +139,10 @@ public BasicOpenSessionResp login(
 
     final long userId = AuthorityChecker.getUserId(username).orElse(-1L);
 
-    boolean enableLoginLock = userId != -1;
+    // Pipe/CQ/Select-Into use InternalClientSession for password validation and should not
+    // participate in user@ip login lock (empty client address shares one lock bucket).
+    final boolean enableLoginLock =
+        userId != -1 && session.getConnectionType() != TSConnectionType.INTERNAL;
     LoginLockManager loginLockManager = LoginLockManager.getInstance();
     if (enableLoginLock && loginLockManager.checkLock(userId, session.getClientAddress())) {
       // Generic authentication error