diff --git a/www/app/[roomName]/components/DailyRoom.tsx b/www/app/[roomName]/components/DailyRoom.tsx
index 41105be3..8c0302e7 100644
--- a/www/app/[roomName]/components/DailyRoom.tsx
+++ b/www/app/[roomName]/components/DailyRoom.tsx
@@ -23,7 +23,6 @@ export default function DailyRoom({ meeting }: DailyRoomProps) {
   const router = useRouter();
   const params = useParams();
   const auth = useAuth();
-  const authStatus = auth.status;
   const authLastUserId = auth.lastUserId;
   const containerRef = useRef<HTMLDivElement>(null);
   const joinMutation = useRoomJoinMeeting();
@@ -32,7 +31,7 @@ export default function DailyRoom({ meeting }: DailyRoomProps) {
   const roomName = params?.roomName as string;
 
   useEffect(() => {
-    if (authLastUserId === null || !meeting?.id || !roomName) return;
+    if (authLastUserId === undefined || !meeting?.id || !roomName) return;
 
     const join = async () => {
       try {
@@ -60,7 +59,8 @@ export default function DailyRoom({ meeting }: DailyRoomProps) {
   }, [router]);
 
   useEffect(() => {
-    if (!authLastUserId || !roomUrl || !containerRef.current) return;
+    if (authLastUserId === undefined || !roomUrl || !containerRef.current)
+      return;
 
     let frame: DailyCall | null = null;
     let destroyed = false;
@@ -122,7 +122,7 @@ export default function DailyRoom({ meeting }: DailyRoomProps) {
     };
   }, [roomUrl, authLastUserId, handleLeave]);
 
-  if (!authLastUserId) {
+  if (authLastUserId === undefined) {
     return (
       <Center width="100vw" height="100vh">
         <Spinner size="xl" />
diff --git a/www/app/lib/AuthProvider.tsx b/www/app/lib/AuthProvider.tsx
index 6a0b9f82..1c281a37 100644
--- a/www/app/lib/AuthProvider.tsx
+++ b/www/app/lib/AuthProvider.tsx
@@ -26,7 +26,8 @@ type AuthContextType = (
   signIn: typeof signIn;
   signOut: typeof signOut;
   // TODO probably rename isLoading to isReloading and make THIS field "isLoading"
-  lastUserId: CustomSession["user"]["id"] | null;
+  // undefined is "not known", null is "is certainly logged out"
+  lastUserId: CustomSession["user"]["id"] | null | undefined;
 };
 
 const AuthContext = createContext<AuthContextType | undefined>(undefined);
@@ -43,13 +44,15 @@ const noopAuthContext: AuthContextType = {
   signOut: async () => {
     throw new Error("signOut not supposed to be called");
   },
-  lastUserId: null,
+  lastUserId: undefined,
 };
 
 export function AuthProvider({ children }: { children: React.ReactNode }) {
   const { data: session, status, update } = useNextAuthSession();
   // referential comparison done in component, must be primitive /or cached
-  const lastUserId = useRef<CustomSession["user"]["id"] | null>(null);
+  const lastUserId = useRef<CustomSession["user"]["id"] | null | undefined>(
+    null,
+  );
 
   const contextValue: AuthContextType = isAuthEnabled
     ? {
@@ -78,6 +81,8 @@ export function AuthProvider({ children }: { children: React.ReactNode }) {
             case "authenticated": {
               const customSession = assertCustomSession(session);
               if (customSession?.error === REFRESH_ACCESS_TOKEN_ERROR) {
+                // warning: call order-dependent
+                lastUserId.current = null;
                 // token had expired but next auth still returns "authenticated" so show user unauthenticated state
                 return {
                   status: "unauthenticated" as const,
@@ -100,6 +105,8 @@ export function AuthProvider({ children }: { children: React.ReactNode }) {
               }
             }
             case "unauthenticated": {
+              // warning: call order-dependent
+              lastUserId.current = null;
               return { status: "unauthenticated" as const };
             }
             default: {