I took the liberty of looking at your workflows for /create-account and /login. In your /create-account workflow you are generating a token after creating a user which is not the same as authenticating like in your login workflow. Once the Authenticate node is successful, the last logged in data point gets set for that particular Experience User.
This issue can be solved in two ways, either replace the Generate Token node on your /create-account workflow with an Authenticate Node since you already have their email and password and the authenticate node can return you a token, it just also checks that the email and password are valid. Or after creating the user, redirect them to /login to force them to log in.
Hope that helps,