diff --git a/app/api/middleware/principal/principal.go b/app/api/middleware/principal/principal.go
index 4eadb569f..e733b0fee 100644
--- a/app/api/middleware/principal/principal.go
+++ b/app/api/middleware/principal/principal.go
@@ -45,8 +45,7 @@ func RestrictTo(pType enum.PrincipalType) func(http.Handler) http.Handler {
 if p.UID == types.AnonymousPrincipalUID {
 log.Ctx(ctx).Debug().Msgf("Valid principal is required, received an Anonymous.")
- // TODO: revert to Unauthorized once UI is handling it properly.
- render.NotFound(ctx, w)
+ render.Unauthorized(ctx, w)
 return
 }
diff --git a/web/src/AppContext.tsx b/web/src/AppContext.tsx
index 26fb71d39..1cbc163c2 100644
--- a/web/src/AppContext.tsx
+++ b/web/src/AppContext.tsx
@@ -79,7 +79,8 @@ export const AppContextProvider: React.FC<{ value: AppProps }> = React.memo(func
 // Fetch current user when conditions to fetch it matched and
 // - cache does not exist yet
 // - or cache is expired
- if (!lazy && (!currentUser || cacheStrategy.isExpired())) {
+ // - currentSession is not Public
+ if (!lazy && (!currentUser || cacheStrategy.isExpired()) && !initialValue.isCurrentSessionPublic) {
 fetchCurrentUser()
 }
 }, [lazy, fetchCurrentUser, currentUser])
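Review bot: The anonymous branch of `RestrictTo` in principal.go now answers 401 with no comment saying why, although the removed TODO was the only explanation of the status choice and every route behind this middleware changes its response to unauthenticated callers. I would put a why-comment above the call, for example `// Anonymous callers get 401 so clients can start a login flow instead of treating the route as missing.` RFC 9110 expects a 401 to carry a `WWW-Authenticate` challenge; `render.Unauthorized` is defined outside this hunk, so it is worth confirming that it sets one. The context line above still calls `Msgf` with no format arguments, where `Msg` would do. The body of `RestrictTo` starts and ends outside the hunk.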
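Review bot: The new condition in web/src/AppContext.tsx reads `initialValue.isCurrentSessionPublic`, but the dependency array on the hunk's last line is still `[lazy, fetchCurrentUser, currentUser]`, so the effect will not re-run when only that flag changes. If `initialValue` can change after mount (not visible here), add it: `}, [lazy, fetchCurrentUser, currentUser, initialValue.isCurrentSessionPublic])`. The added comment bullet also reads as a third alternative in an "or" list although the code ANDs it; `// - and the current session is not public` would match the condition. The flag only spares the client a request that would now come back 401, so access control still rests on the server-side middleware. The effect's opening line is outside the hunk.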