diff --git a/src/services/authService.jsx b/src/services/authService.jsx index af844a6..d012e30 100644 --- a/src/services/authService.jsx +++ b/src/services/authService.jsx @@ -11,13 +11,15 @@ class AuthService { withCredentials: true // Enable sending cookies with requests }); + this.isLoggingOut = false; // Handle authentication errors (401/403) but don't auto-redirect on network errors this.api.interceptors.response.use( (response) => response, (error) => { // Only auto-logout on explicit authentication errors, not network issues - if (error.response && (error.response.status === 401 || error.response.status === 403)) { + // and prevent infinite loops + if (error.response && (error.response.status === 401 || error.response.status === 403) && !this.isLoggingOut) { this.logout(); // Only redirect if not already on auth page to avoid redirect loops if (window.location.pathname !== '/auth') { @@ -65,11 +67,21 @@ class AuthService { } async logout() { + if (this.isLoggingOut) { + return; // Prevent multiple logout calls + } + + this.isLoggingOut = true; + try { await this.api.post('/auth/logout'); // Cookies are cleared by backend; no local storage to clear since we avoid storing tokens in dev. } catch (error) { console.error('Logout API call failed:', error); + } finally { + this.isLoggingOut = false; + // Clear in-memory tokens + this.clearToken(); } }
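Review bot: The `!this.isLoggingOut` condition added to the 401/403 check in the response interceptor guards a time window rather than a specific request. While a logout is in flight it skips the logout-and-redirect handling for every unrelated 401/403 too, and once `finally` resets the flag, each later 401 from an already-dispatched request calls `logout()` again. Assuming `this.api` is an axios instance, identifying the failing request is more precise: `const isLogoutCall = error.config?.url === '/auth/logout';` with `&& !isLogoutCall` in the condition. `this.logout()` is also called without `await` or `.catch()`, so the redirect that follows can race the logout request and any rejection goes unhandled. Treating 403 as session loss means an ordinary permission denial ends the session, so a comment confirming that is intended would help; the interceptor body continues outside the hunk.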
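Review bot: In `logout()`, a second caller that hits the new `if (this.isLoggingOut) return;` gets an already-resolved promise while the first request is still pending, and a failed `POST /auth/logout` is still only logged. Callers therefore cannot tell whether the server-side session was actually ended, even though the new `finally` clears local state and the UI proceeds as signed out. I would keep the in-flight promise and hand it to concurrent callers, resolve it with a boolean for the server outcome, and call `this.clearToken()` before re-arming the flag. `clearToken()` is not defined in the visible hunks and the retained comment says no tokens are stored; if the method does not exist, the `finally` throws and the un-awaited call in the interceptor becomes an unhandled rejection, so that is worth confirming.

```javascript
async logout() {
  if (this.isLoggingOut) {
    return this.pendingLogout; // concurrent callers wait for the same request
  }

  this.isLoggingOut = true;
  this.pendingLogout = (async () => {
    let serverConfirmed = false;
    try {
      // … unchanged: POST /auth/logout …
      serverConfirmed = true;
    } catch (error) {
      // … unchanged: console.error …
    } finally {
      this.clearToken(); // clear local credentials before re-arming the guard
      this.isLoggingOut = false;
    }
    return serverConfirmed; // false: server-side session may still be valid
  })();

  return this.pendingLogout;
}
```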