diff --git a/server/internal/service/auth.go b/server/internal/service/auth.go
index e7d3846..2a53392 100644
--- a/server/internal/service/auth.go
+++ b/server/internal/service/auth.go
@@ -256,6 +256,10 @@ func (rs authResource) Login(w http.ResponseWriter, r *http.Request) {
 // claims set into the request's context by a middleware.
 func (rs authResource) Get(w http.ResponseWriter, r *http.Request) {
 	user := rs.userFromCtxClaims(w, r)
+	if user == nil {
+		return
+	}
+
 	respondJSON(w, http.StatusOK, userResponse{
 		ID:       user.ID,
 		Username: user.Username,
@@ -281,6 +285,9 @@ func (rs authResource) UpdatePassword(w http.ResponseWriter, r *http.Request) {
 	}
 
 	user := rs.userFromCtxClaims(w, r)
+	if user == nil {
+		return
+	}
 
 	// Verify the old password before proceeding with the update
 	if err := bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(req.OldPassword)); err != nil {
@@ -327,6 +334,9 @@ func (rs authResource) OwnerDelete(w http.ResponseWriter, r *http.Request) {
 	}
 
 	user := rs.userFromCtxClaims(w, r)
+	if user == nil {
+		return
+	}
 
 	// Verify the old password before allowing the deletion
 	if err := bcrypt.CompareHashAndPassword([]byte(user.PasswordHash), []byte(req.Password)); err != nil {
@@ -340,6 +350,17 @@ func (rs authResource) OwnerDelete(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	// Clear the refresh token cookie
+	http.SetCookie(w, &http.Cookie{
+		Name:     "notatest.refresh_token",
+		Value:    "",
+		Path:     "/api/auth/cookie",
+		MaxAge:   0, // Expires immediately
+		HttpOnly: true,
+		Secure:   rs.Config.IsProd,
+		SameSite: http.SameSiteStrictMode,
+	})
+
 	if err := rs.Users.RevokeAllUserRefreshTokens(r.Context(), user.ID); err != nil {
 		log.Error().Msgf("Failed to revoke refresh tokens: %s", err)
 	}
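Review bot: The added `if user == nil { return }` guard in Get ends the handler without writing anything, so it silently relies on userFromCtxClaims having already written the error response through the `w` it receives; that contract is not visible in the hunk and should be stated on the guard, e.g. `// userFromCtxClaims has already written the error response; nothing more to send.` The same guard is added in UpdatePassword and OwnerDelete in the next two hunks and would carry the same comment. If the helper can return nil without responding, all three handlers would finish with an implicit 200 and an empty body, so the helper's behaviour is worth confirming. Get's body continues past the end of the hunk.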
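Review bot: `MaxAge: 0` on the clearing cookie in OwnerDelete does not delete it: net/http omits the Max-Age attribute when MaxAge is 0, so the browser keeps the existing `notatest.refresh_token` cookie and the inline comment `// Expires immediately` is wrong. The deletion form is `MaxAge:   -1, // emits Max-Age=0, deletes the cookie client-side`. The RevokeAllUserRefreshTokens call that follows still invalidates the token server-side (its failure is only logged), so the stale cookie is a cleanup gap rather than a bypass, but the client will keep presenting it on `/api/auth/cookie`. The clearing cookie must also use the same Name, Path and any Domain the cookie was issued with; the issuing code is outside this hunk, so that is worth checking. OwnerDelete's body continues past the hunk.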