diff --git a/shared/infrastructure/factory.py b/shared/infrastructure/factory.py
index 0d3f208..5c29852 100644
--- a/shared/infrastructure/factory.py
+++ b/shared/infrastructure/factory.py
@@ -175,6 +175,13 @@ def create_base_app(
 auth_redis = None
 # Case 1: logged in — verify grant still valid (direct DB, cached)
+ if uid and not grant_token:
+ # Legacy session without grant token — clear it
+ qs.pop("uid", None)
+ qs.pop("cart_sid", None)
+ g.user = None
+ uid = None
+
 if uid and grant_token:
 cache_key = f"grant:{grant_token}"
 if auth_redis:
@@ -201,7 +208,7 @@ def create_base_app(
 )
 valid = grant is not None and grant.revoked_at is None
 except Exception:
- return # DB error — don't log user out
+ valid = False # DB error — treat as invalid
 if auth_redis:
 await auth_redis.set(cache_key, b"ok" if valid else b"revoked", ex=60)
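Review bot: The new legacy-session branch pops `uid` and `cart_sid` from `qs` and clears `g.user`, but nothing in the hunk shows that cleared state being persisted server-side or the cookie being cleared on the response, so whether the stale session is actually invalidated or merely ignored for this one request depends on code outside the hunk — worth confirming. Only two keys are removed; if `qs` is the session mapping and carries any other user-derived state, that state survives the forced logout, and `qs.clear()` would be the safer choice. A forced logout is a security-relevant event that should leave an audit trail, so consider a comment and a log line at the top of the branch, e.g. `# forced logout: legacy session with no grant token — audit-log uid before clearing`. `create_base_app` begins before and continues past this hunk.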
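Review bot: Failing closed on a DB error is the right direction, but the line right after the changed one writes the result to the cache unconditionally, so a transient DB outage now stores `b"revoked"` under `grant:<token>` for 60 s and keeps every user who hits that key logged out for the rest of the window, and the cached value is indistinguishable from a genuine revocation. A lookup that raised should fail this request but never be cached; track the failure and skip `auth_redis.set`, and log the exception, which the bare `except Exception:` currently discards, so the outage is visible to operators. The `try:` this `except` belongs to starts outside the hunk, and `db_error = False` must be initialised before it.
```python
        # … unchanged: try / grant DB lookup (starts outside this hunk) …
        except Exception:
            valid = False  # DB error — fail closed for this request only
            db_error = True  # transient failure: do not poison the cache
        if auth_redis and not db_error:
            await auth_redis.set(cache_key, b"ok" if valid else b"revoked", ex=60)
```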