I think your API can get away with returning the same status / message code as if it were a successful first login.
That's why ... As I see it, you have two different scenarios in terms of the API: a new login and re-login. programmatically there is a difference.
But, from the consumerβs point of view, all the consumer wants to know is that the login was as successful as it was.