diff --git a/src/services/auth.ts b/src/services/auth.ts
index 2ddc6b3..c10a6f8 100644
--- a/src/services/auth.ts
+++ b/src/services/auth.ts
@@ -224,23 +224,24 @@ export async function refreshAccessToken(
 
 export async function logout(refreshTokenRaw: string): Promise<void> {
   const tokenHash = hashToken(refreshTokenRaw);
-  // Delete the current token
   const token = await prisma.refresh_tokens.findFirst({ where: { token_hash: tokenHash } });
+
   if (token) {
-    // Delete the current token and all replaced tokens in its chain
+    // Delete all tokens for this user from the same IP + user agent (same browser session)
     await prisma.refresh_tokens.deleteMany({
       where: {
-        OR: [
-          { token_hash: tokenHash },
-          { replaced_by_hash: tokenHash },
-        ],
+        user_id: token.user_id,
+        ip_address: token.ip_address,
+        user_agent: token.user_agent,
       },
     });
+  } else {
+    // Fallback: just delete by hash
+    await prisma.refresh_tokens.deleteMany({ where: { token_hash: tokenHash } });
   }
-  // Clean up expired tokens for all users
-  await prisma.refresh_tokens.deleteMany({
-    where: { expires_at: { lt: new Date() } },
-  });
+
+  // Clean up expired tokens
+  await prisma.refresh_tokens.deleteMany({ where: { expires_at: { lt: new Date() } } });
 }
 
 export async function verifyAccessToken(token: string): Promise<AuthData | null> {