diff --git a/src/routes/idaa/(idaa)/+layout.svelte b/src/routes/idaa/(idaa)/+layout.svelte
index e2216906..b41d0af0 100644
--- a/src/routes/idaa/(idaa)/+layout.svelte
+++ b/src/routes/idaa/(idaa)/+layout.svelte
@@ -145,8 +145,16 @@ $effect(() => {
 now - $idaa_loc.novi_verified_ts < ttl_ms;
 if (has_cached_session) {
 // Case 2: internal navigation — keep the verified session, nothing to do.
- novi_verifying = false;
- return;
+ // BUT: only if $ae_loc also reflects active auth. If $ae_loc was reset
+ // externally (e.g., sign-out) while $idaa_loc retained novi_verified (within TTL),
+ // the state is inconsistent — fall through to Case 1 and purge.
+ if ($ae_loc.trusted_access || $ae_loc.authenticated_access) {
+ novi_verifying = false;
+ return;
+ }
+ // Inconsistent state — $idaa_loc says verified but $ae_loc has no auth.
+ // Fall through to Case 1 below to purge stale IDB data.
+ console.warn('IDAA Layout: has_cached_session but no auth in $ae_loc — purging (inconsistent state).');
 }
 // Case 3: no UUID, no cached Novi session, but user has trusted/manager access.
 // They are legitimately authenticated via a non-Novi path — do NOT purge.
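Review bot: The inconsistent-state branch only logs and then leaves the `if (has_cached_session)` block, so whether the stale data is actually purged depends on the Case 3 condition that follows, which is outside the hunk. The new guard tests `$ae_loc.trusted_access || $ae_loc.authenticated_access`, while the Case 3 comment speaks of trusted/manager access; if the two predicates differ, a session could log "purging" and then be kept by Case 3 with the `novi_verified` marker still inside its TTL. I would compute the predicate once, e.g. `const has_active_auth = $ae_loc.trusted_access || $ae_loc.authenticated_access;`, reuse it in both branches, and word the warning to match what the code really does on that path. Both stores look like client-held state, so this check is cache hygiene rather than access control, and the server presumably still has to refuse IDAA data for a signed-out user. The `$effect` body starts and ends outside the hunk.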