diff --git a/lib/rpi_auth/controllers/current_user.rb b/lib/rpi_auth/controllers/current_user.rb
index 44e3c89..fc75779 100644
--- a/lib/rpi_auth/controllers/current_user.rb
+++ b/lib/rpi_auth/controllers/current_user.rb
@@ -10,8 +10,8 @@ module CurrentUser
 end
 def current_user
- return @current_user if @current_user
 return nil unless session[:current_user]
+ return @current_user if @current_user
 @current_user = RpiAuth.user_model.new(session[:current_user])
 end
diff --git a/spec/dummy/app/controllers/home_controller.rb b/spec/dummy/app/controllers/home_controller.rb
index 89ff5b1..0f319e4 100644
--- a/spec/dummy/app/controllers/home_controller.rb
+++ b/spec/dummy/app/controllers/home_controller.rb
@@ -1,4 +1,10 @@
 class HomeController < ApplicationController
 def show
 end
+
+ def reset_user
+ current_user
+ reset_session
+ render :show
+ end
 end
diff --git a/spec/dummy/config/routes.rb b/spec/dummy/config/routes.rb
index 2fff33c..f449321 100644
--- a/spec/dummy/config/routes.rb
+++ b/spec/dummy/config/routes.rb
@@ -1,6 +1,7 @@
 Rails.application.routes.draw do
 # For details on the DSL available within this file, see https://guides.rubyonrails.org/routing.html
 root to: 'home#show'
+ get '/reset-user', to: 'home#reset_user'
 resource :session, only: %i[create]
diff --git a/spec/dummy/spec/requests/auth_request_spec.rb b/spec/dummy/spec/requests/auth_request_spec.rb
index 1eafd3b..b91cf5d 100644
--- a/spec/dummy/spec/requests/auth_request_spec.rb
+++ b/spec/dummy/spec/requests/auth_request_spec.rb
@@ -182,6 +182,15 @@
 expect(session.id).not_to eq previous_id
 end
+ it 'does not use cached user if session is reset' do
+ post '/auth/rpi'
+ follow_redirect!
+
+ get reset_user_path
+
+ expect(response.body).to include('Log in')
+ end
+
 context 'when session_keys_to_persist is set' do
 let(:session_keys_to_persist) { 'foo' }
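Review bot: In `current_user` (lib/rpi_auth/controllers/current_user.rb), the reordered guard returns nil when the session is empty but leaves the stale `@current_user` set, so the memo outlives the session it was built from. If `session[:current_user]` is written again later in the same request (for instance a login that follows `reset_session`; not visible in this hunk), the second guard would hand back the previous user's object. Dropping the cache together with the session closes that gap: `return @current_user = nil unless session[:current_user]`. A short comment above the guard, e.g. `# Check the session first: it is the source of truth, the ivar is only a per-request cache`, would also keep the ordering from being reverted as a tidy-up.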
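Review bot: The bare `current_user` call at the top of `reset_user` in spec/dummy/app/controllers/home_controller.rb reads as a no-op and is easy to delete. Without it the memo is never primed, so the new request spec would pass even against the old guard order. Add a comment on that line, e.g. `# Prime the memoised user before the session is reset`.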
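Review bot: The new example in spec/dummy/spec/requests/auth_request_spec.rb asserts only the final 'Log in' text, so it would also pass if `post '/auth/rpi'` never established a session. Assert the logged-in state after `follow_redirect!` and before `get reset_user_path`, for example `expect(session[:current_user]).to be_present` (assuming the session is readable at that point, as the `session.id` check above suggests). The enclosing describe/context blocks start and end outside the hunk.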