diff --git a/.vscode/extensions.json b/.vscode/extensions.json
index 8d9063c1..819c8328 100644
--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@@ -3,7 +3,7 @@
     "aaron-bond.better-comments",
     "dbaeumer.vscode-eslint",
     "antfu.goto-alias",
-    "esbenp.prettier-vscode",
+    "prettier.prettier-vscode",
     "yoavbls.pretty-ts-errors",
     "bradlc.vscode-tailwindcss",
     "vue.volar",
diff --git a/.vscode/settings.json b/.vscode/settings.json
index f62f2c98..791e9e0a 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,22 +1,22 @@
 {
   "editor.tabSize": 2,
   "editor.useTabStops": false,
-  "editor.defaultFormatter": "esbenp.prettier-vscode",
+  "editor.defaultFormatter": "prettier.prettier-vscode",
   "editor.formatOnSave": true,
   "editor.codeActionsOnSave": {
     "source.fixAll.eslint": "always"
   },
   "[vue]": {
-    "editor.defaultFormatter": "esbenp.prettier-vscode"
+    "editor.defaultFormatter": "prettier.prettier-vscode"
   },
   "[typescript]": {
-    "editor.defaultFormatter": "esbenp.prettier-vscode"
+    "editor.defaultFormatter": "prettier.prettier-vscode"
   },
   "[json]": {
-    "editor.defaultFormatter": "esbenp.prettier-vscode"
+    "editor.defaultFormatter": "prettier.prettier-vscode"
   },
   "[markdown]": {
-    "editor.defaultFormatter": "esbenp.prettier-vscode",
+    "editor.defaultFormatter": "prettier.prettier-vscode",
     "editor.tabSize": 4,
     "editor.useTabStops": false
   },
diff --git a/src/app/middleware/auth.global.ts b/src/app/middleware/auth.global.ts
index 70a37e86..06029fd6 100644
--- a/src/app/middleware/auth.global.ts
+++ b/src/app/middleware/auth.global.ts
@@ -4,25 +4,27 @@ export default defineNuxtRouteMiddleware(async (to) => {
     return;
   }
 
+  const event = useRequestEvent();
+
   const authStore = useAuthStore();
-  const userData = await authStore.getSession();
+  authStore.userData = await authStore.getSession(event);
 
   // skip login if already logged in
   if (to.path === '/login') {
-    if (userData?.username) {
+    if (authStore.userData?.username) {
       return navigateTo('/', { redirectCode: 302 });
     }
     return;
   }
 
   // Require auth for every page other than Login
-  if (!userData?.username) {
+  if (!authStore.userData?.username) {
     return navigateTo('/login', { redirectCode: 302 });
   }
 
   // Check for admin access
   if (to.path.startsWith('/admin')) {
-    if (!hasPermissions(userData, 'admin', 'any')) {
+    if (!hasPermissions(authStore.userData, 'admin', 'any')) {
       return abortNavigation('Not allowed to access Admin Panel');
     }
   }
diff --git a/src/app/pages/admin.vue b/src/app/pages/admin.vue
index f4e70de7..48f30f21 100644
--- a/src/app/pages/admin.vue
+++ b/src/app/pages/admin.vue
@@ -38,9 +38,6 @@
 </template>
 
 <script setup lang="ts">
-const authStore = useAuthStore();
-authStore.update();
-
 const { t } = useI18n();
 
 const route = useRoute();
diff --git a/src/app/pages/clients/[id].vue b/src/app/pages/clients/[id].vue
index c52e903e..ec561a05 100644
--- a/src/app/pages/clients/[id].vue
+++ b/src/app/pages/clients/[id].vue
@@ -206,9 +206,7 @@
 </template>
 
 <script lang="ts" setup>
-const authStore = useAuthStore();
 const globalStore = useGlobalStore();
-authStore.update();
 
 const route = useRoute();
 const id = route.params.id as string;
diff --git a/src/app/pages/index.vue b/src/app/pages/index.vue
index a4f27efe..3a02179d 100644
--- a/src/app/pages/index.vue
+++ b/src/app/pages/index.vue
@@ -29,9 +29,6 @@
 </template>
 
 <script setup lang="ts">
-const authStore = useAuthStore();
-authStore.update();
-
 const globalStore = useGlobalStore();
 const clientsStore = useClientsStore();
 
diff --git a/src/app/pages/login.vue b/src/app/pages/login.vue
index 76d34ca7..1d716fb4 100644
--- a/src/app/pages/login.vue
+++ b/src/app/pages/login.vue
@@ -67,9 +67,6 @@
 </template>
 
 <script setup lang="ts">
-const authStore = useAuthStore();
-authStore.update();
-
 const toast = useToast();
 const { t } = useI18n();
 
diff --git a/src/app/pages/me.vue b/src/app/pages/me.vue
index db2dc1b8..0ef5210d 100644
--- a/src/app/pages/me.vue
+++ b/src/app/pages/me.vue
@@ -120,7 +120,6 @@
 import { encodeQR } from 'qr';
 
 const authStore = useAuthStore();
-authStore.update();
 
 const name = ref(authStore.userData?.name);
 const email = ref(authStore.userData?.email);
diff --git a/src/app/stores/auth.ts b/src/app/stores/auth.ts
index fab80ea0..64bac790 100644
--- a/src/app/stores/auth.ts
+++ b/src/app/stores/auth.ts
@@ -1,18 +1,25 @@
+import type { H3Event } from 'h3';
+import type { SharedPublicUser } from '~~/shared/utils/permissions';
+
 export const useAuthStore = defineStore('Auth', () => {
-  const { data: userData, refresh: update } = useFetch('/api/session', {
-    method: 'get',
-  });
+  const userData = useState<SharedPublicUser | null>('user-data', () => null);
 
-  async function getSession() {
+  async function getSession(event?: H3Event) {
+    const fetch = event?.$fetch || $fetch;
     try {
-      const { data } = await useFetch('/api/session', {
+      const data = await fetch('/api/session', {
         method: 'get',
       });
-      return data.value;
+      return data;
     } catch {
       return null;
     }
   }
 
+  async function update() {
+    const data = await getSession();
+    userData.value = data;
+  }
+
   return { userData, update, getSession };
 });
diff --git a/src/server/api/session.get.ts b/src/server/api/session.get.ts
index c72859ee..5d975ee5 100644
--- a/src/server/api/session.get.ts
+++ b/src/server/api/session.get.ts
@@ -1,9 +1,14 @@
+import type { SharedPublicUser } from '~~/shared/utils/permissions';
+
 export default defineEventHandler(async (event) => {
   const session = await useWGSession(event);
 
   if (!session.data.userId) {
     // not logged in
-    return null;
+    throw createError({
+      statusCode: 401,
+      statusMessage: 'Not authenticated',
+    });
   }
 
   const user = await Database.users.get(session.data.userId);
@@ -21,5 +26,5 @@ export default defineEventHandler(async (event) => {
     name: user.name,
     email: user.email,
     totpVerified: user.totpVerified,
-  };
+  } satisfies SharedPublicUser;
 });
diff --git a/src/shared/utils/permissions.ts b/src/shared/utils/permissions.ts
index a559aaaf..12fd5570 100644
--- a/src/shared/utils/permissions.ts
+++ b/src/shared/utils/permissions.ts
@@ -45,6 +45,11 @@ type SharedUserType =
   | Pick<UserType, 'id' | 'role'>
   | (Pick<UserType, 'id'> & { role: BrandedNumber });
 
+export type SharedPublicUser = Pick<
+  UserType,
+  'id' | 'username' | 'name' | 'email' | 'totpVerified'
+> & { role: BrandedNumber };
+
 type PermissionCheck<Key extends keyof Permissions> =
   | boolean
   | ((user: SharedUserType, data: Permissions[Key]['dataType']) => boolean);