diff --git a/infrastructure/factory.py b/infrastructure/factory.py
index e9b235a..7ba8718 100644
--- a/infrastructure/factory.py
+++ b/infrastructure/factory.py
@@ -132,12 +132,28 @@ def create_base_app(
         from quart import session as qs
         if request.path.startswith("/auth/"):
             return
-        if qs.get("uid"):
+
+        uid = qs.get("uid")
+        has_hint = request.cookies.get("sso_hint")
+
+        # SSO revoked (account logged out) → clear local session
+        if uid and not has_hint:
+            qs.pop("uid", None)
+            qs.pop("cart_sid", None)
+            qs.pop("sso_checked", None)
             return
+
+        # Already logged in locally
+        if uid:
+            return
+
+        # No hint → nothing to do
+        if not has_hint:
+            return
+
+        # Has hint but no local session → trigger silent OAuth once
         if qs.get("sso_checked"):
             return
-        if not request.cookies.get("sso_hint"):
-            return
         qs["sso_checked"] = True
         return redirect(f"/auth/login/?next={_quote(request.url, safe='')}")
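Review bot: The new `if uid and not has_hint:` branch makes an unsigned, client-held cookie the authority for ending an authenticated session, and because it falls through with a bare `return` after the pops, the very same request then continues as anonymous — a POST whose `sso_hint` cookie merely expired, or was withheld by a SameSite/path mismatch, is processed unauthenticated instead of being bounced to login. The minimal fix is to limit the silent demotion to safe methods, `if uid and not has_hint and request.method in ("GET", "HEAD"):`, or to `return redirect(f"/auth/login/?next={_quote(request.url, safe='')}")` after the pops so the user is re-authenticated rather than downgraded. The pops also remove only three keys; if the session carries other auth-derived state (roles, CSRF material — not visible in this hunk), `qs.clear()` would be the "clear local session" the comment promises. The comment on that branch should say that `sso_hint` presence is a hint rather than proof of IdP session state, so this is a best-effort local logout, not a revocation check. The enclosing before-request function starts before this hunk.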