diff --git a/.secrets.baseline b/.secrets.baseline
index c2c58082b..79e905180 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -151,7 +151,7 @@
         "filename": "core/auth/apis.go",
         "hashed_secret": "394e3412459f79523e12e1fa95a4cf141ccff122",
         "is_verified": false,
-        "line_number": 2269
+        "line_number": 2270
       }
     ],
     "core/auth/auth.go": [
@@ -347,5 +347,5 @@
       }
     ]
   },
-  "generated_at": "2025-11-12T08:42:48Z"
+  "generated_at": "2025-12-08T09:23:30Z"
 }
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c8a24fbe9..a3ed5da99 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## Unreleased
+### Changed
+- Logout issue investigation [#819](https://github.com/rokwire/core-building-block/issues/819)
 
 ## [1.60.3] - 2025-12-01
 ### Changed
diff --git a/core/auth/apis.go b/core/auth/apis.go
index 3df770b17..d7657e1e2 100644
--- a/core/auth/apis.go
+++ b/core/auth/apis.go
@@ -338,8 +338,9 @@ func (a *Auth) Refresh(refreshToken string, apiKey string, clientVersion *string
 		}
 
 		//now check if we are in the grace period
-		if !loginSession.IsInRefreshGracePeriod(nil) {
-			l.Infof("not in grace period, so we cannot allow refresh - %s", masked)
+		inRefreshGracePeriod, elapsed := loginSession.IsInRefreshGracePeriod(nil)
+		if !inRefreshGracePeriod {
+			l.Infof("not in grace period as elapsed is %v, so we cannot allow refresh - %s", elapsed, masked)
 			return cleanup()
 		}
 
diff --git a/core/model/auth.go b/core/model/auth.go
index 39d96beee..3b9615713 100644
--- a/core/model/auth.go
+++ b/core/model/auth.go
@@ -225,12 +225,12 @@ func (ls LoginSession) PreviousRefreshToken() (string, error) {
 }
 
 // IsInRefreshGracePeriod return whether the login session is in refresh grace period
-func (ls LoginSession) IsInRefreshGracePeriod(now *time.Time) bool {
+func (ls LoginSession) IsInRefreshGracePeriod(now *time.Time) (bool, time.Duration) {
 	loginsSessionsSetting := ls.AppOrg.LoginsSessionsSetting
 
 	gracePeriodPolicy := loginsSessionsSetting.RefreshGracePeriodPolicy
 	if !gracePeriodPolicy.Active {
-		return false
+		return false, 0
 	}
 
 	lastRefreshTime := ls.DateCreated
@@ -242,9 +242,11 @@ func (ls LoginSession) IsInRefreshGracePeriod(now *time.Time) bool {
 		currentTime := time.Now()
 		now = &currentTime
 	}
+	elapsed := (*now).Sub(lastRefreshTime)
 	gracePeriodDuration := time.Duration(gracePeriodPolicy.GracePeriod) * time.Second
 	gracePeriodEndTime := lastRefreshTime.Add(gracePeriodDuration)
-	return now.Before(gracePeriodEndTime)
+
+	return now.Before(gracePeriodEndTime), elapsed
 }
 
 // LogInfo gives the information appropriate to be logged for the session