diff --git a/client/js/api.js b/client/js/api.js
index 608fc6f7..86687cad 100644
--- a/client/js/api.js
+++ b/client/js/api.js
@@ -175,11 +175,18 @@ class Api extends events.EventTarget {
     }
 
     logout() {
-        this.delete_token(this.userName, this.userToken);
+        this.delete_token(this.userName, this.userToken).then(response => {
+            this._logout()
+        }, error => {
+            this._logout()
+        });
+
+    }
+
+    _logout() {
         this.user = null;
         this.userName = null;
         this.userPassword = null;
-        this.userToken = null;
         this.dispatchEvent(new CustomEvent('logout'));
     }
 
diff --git a/server/szurubooru/api/user_token_api.py b/server/szurubooru/api/user_token_api.py
index 8936d721..1b4b6115 100644
--- a/server/szurubooru/api/user_token_api.py
+++ b/server/szurubooru/api/user_token_api.py
@@ -30,9 +30,9 @@ def create_user_token(ctx: rest.Context, _params: Dict[str, str] = {}) -> rest.R
 
 @rest.routes.delete('/user-tokens/(?P<user_token>[^/]+)/?')
 def create_user_token(ctx: rest.Context, params: Dict[str, str]) -> rest.Response:
+    auth.verify_privilege(ctx.user, 'user_token:delete')
     user_token = user_tokens.get_user_token_by_user_and_token(ctx.user, params['user_token'])
     if user_token is not None:
-        auth.verify_privilege(ctx.user, 'user_token:delete')
         ctx.session.delete(user_token)
         ctx.session.commit()
     return {}