diff --git a/frontend/src/stores/auth.ts b/frontend/src/stores/auth.ts
index b471a729a..aec224245 100644
--- a/frontend/src/stores/auth.ts
+++ b/frontend/src/stores/auth.ts
@@ -337,7 +337,14 @@ export const useAuthStore = defineStore('auth', () => {
 			}
 
 			if (isAuthenticated) {
-				await refreshUserInfo()
+				const user = await refreshUserInfo()
+				if (!user) {
+					// refreshUserInfo() did not return a user — either the
+					// token vanished or a 4xx triggered logout(). Bail out
+					// so the stale local `isAuthenticated` doesn't override
+					// the auth state that logout() already set.
+					return
+				}
 			}
 		}