diff --git a/commafeed-server/src/test/java/com/commafeed/integration/servlet/LogoutIT.java b/commafeed-server/src/test/java/com/commafeed/integration/servlet/LogoutIT.java
index 5dda094d..0beb37ac 100644
--- a/commafeed-server/src/test/java/com/commafeed/integration/servlet/LogoutIT.java
+++ b/commafeed-server/src/test/java/com/commafeed/integration/servlet/LogoutIT.java
@@ -5,13 +5,23 @@ import org.glassfish.jersey.client.ClientProperties;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
 
+import com.commafeed.CommaFeedDropwizardAppExtension;
+import com.commafeed.frontend.model.UserModel;
 import com.commafeed.integration.BaseIT;
 
+import jakarta.ws.rs.NotAuthorizedException;
+import jakarta.ws.rs.client.Invocation.Builder;
 import jakarta.ws.rs.core.HttpHeaders;
 import jakarta.ws.rs.core.Response;
 
 class LogoutIT extends BaseIT {
 
+	@Override
+	protected CommaFeedDropwizardAppExtension buildExtension() {
+		// override so we don't add http basic auth
+		return new CommaFeedDropwizardAppExtension();
+	}
+
 	@Test
 	void test() {
 		String cookie = login();
@@ -22,5 +32,8 @@ class LogoutIT extends BaseIT {
 				.get()) {
 			Assertions.assertEquals(HttpStatus.FOUND_302, response.getStatus());
 		}
+
+		Builder req = getClient().target(getApiBaseUrl() + "user/profile").request().header(HttpHeaders.COOKIE, "JSESSIONID=" + cookie);
+		Assertions.assertThrows(NotAuthorizedException.class, () -> req.get(UserModel.class));
 	}
 }