diff --git a/api/server/services/AuthService.js b/api/server/services/AuthService.js
index 8053a605b4..659e915f44 100644
--- a/api/server/services/AuthService.js
+++ b/api/server/services/AuthService.js
@@ -544,6 +544,8 @@ const setOpenIDAuthTokens = (
 * Falls back to access_token for providers where id_token is not available.
 */
 const appAuthToken = tokenset.id_token || tokenset.access_token;
+ const sessionIdToken = req.session?.openidTokens?.idToken;
+ const logoutIdToken = tokenset.id_token || sessionIdToken;
 /**
 * Always set refresh token cookie so it survives express session expiry.
@@ -565,7 +567,7 @@ const setOpenIDAuthTokens = (
 if (req.session) {
 req.session.openidTokens = {
 accessToken: tokenset.access_token,
- idToken: tokenset.id_token,
+ idToken: logoutIdToken,
 refreshToken: refreshToken,
 expiresAt: expirationDate.getTime(),
 };
diff --git a/api/server/services/AuthService.spec.js b/api/server/services/AuthService.spec.js
index cf893e1d6f..8209d46d25 100644
--- a/api/server/services/AuthService.spec.js
+++ b/api/server/services/AuthService.spec.js
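Review bot: `logoutIdToken` falls back to whatever `req.session.openidTokens.idToken` already holds, and nothing in the hunk ties that stored token to the user or login the new tokenset belongs to; if this function can also run for a fresh login on an express session that was not regenerated, the fallback would carry a previous account's id_token forward, and the second hunk (`idToken: logoutIdToken`) would persist it. Whether that path exists is not visible here, so the minimum is a comment stating the assumption, placed above the two new `const` lines: `// A refresh response may omit id_token; keep the one stored earlier in this session (presumably for logout) rather than dropping it. Not reused for appAuthToken, since the stored token may already be expired.` The body of setOpenIDAuthTokens starts and ends outside both hunks.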
@@ -172,8 +172,31 @@ describe('setOpenIDAuthTokens', () => {
 setOpenIDAuthTokens(tokenset, req, res, 'user-123');
 expect(req.session.openidTokens.accessToken).toBe('the-access-token');
+ expect(req.session.openidTokens.idToken).toBe('the-id-token');
 expect(req.session.openidTokens.refreshToken).toBe('the-refresh-token');
 });
+
+ it('should preserve the existing session id_token when refresh omits one', () => {
+ const tokenset = {
+ access_token: 'new-access-token',
+ refresh_token: 'new-refresh-token',
+ };
+ const req = mockRequest({
+ openidTokens: {
+ accessToken: 'old-access-token',
+ idToken: 'existing-id-token',
+ refreshToken: 'old-refresh-token',
+ },
+ });
+ const res = mockResponse();
+
+ const result = setOpenIDAuthTokens(tokenset, req, res, 'user-123');
+
+ expect(result).toBe('new-access-token');
+ expect(req.session.openidTokens.accessToken).toBe('new-access-token');
+ expect(req.session.openidTokens.idToken).toBe('existing-id-token');
+ expect(req.session.openidTokens.refreshToken).toBe('new-refresh-token');
+ });
 });
 describe('cookie secure flag', () => {
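Review bot: The added test pins only the fallback direction; there is no case asserting that an `id_token` present in the tokenset wins over a stale session value, which is the property that keeps the stored token from outliving a fresh one, nor what `idToken` holds when neither source has one (under `||` it will be `undefined`). A second `it` next to the added one, built with the same `mockRequest`/`mockResponse` helpers, closes the first gap; the second can be a one-line `toBeUndefined()` assertion in the same shape. The enclosing describe block starts outside the hunk.
```javascript
  it('should prefer the id_token from the new tokenset over the session one', () => {
    const tokenset = {
      access_token: 'new-access-token',
      id_token: 'fresh-id-token',
      refresh_token: 'new-refresh-token',
    };
    const req = mockRequest({
      openidTokens: {
        accessToken: 'old-access-token',
        idToken: 'existing-id-token',
        refreshToken: 'old-refresh-token',
      },
    });
    const res = mockResponse();

    setOpenIDAuthTokens(tokenset, req, res, 'user-123');

    expect(req.session.openidTokens.idToken).toBe('fresh-id-token');
  });
```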