diff --git a/lib/web/apiserver.go b/lib/web/apiserver.go
index e1b3d49a96f51..158b85911b2fb 100644
--- a/lib/web/apiserver.go
+++ b/lib/web/apiserver.go
@@ -2162,7 +2162,17 @@ func (h *Handler) deleteWebSession(w http.ResponseWriter, r *http.Request, _ htt
 
 func (h *Handler) logout(ctx context.Context, w http.ResponseWriter, sctx *SessionContext) error {
 	if err := sctx.Invalidate(ctx); err != nil {
-		return trace.Wrap(err)
+		h.log.
+			WithError(err).
+			WithField("user", sctx.GetUser()).
+			Warn("Failed to invalidate sessions")
+	}
+
+	if err := h.auth.releaseResources(sctx.GetUser(), sctx.GetSessionID()); err != nil {
+		h.log.
+			WithError(err).
+			WithField("session_id", sctx.GetSessionID()).
+			Debug("sessionCache: Failed to release web session")
 	}
 	clearSessionCookies(w)
 
diff --git a/lib/web/sessions.go b/lib/web/sessions.go
index 833f359a2668e..ca12b6177c5a5 100644
--- a/lib/web/sessions.go
+++ b/lib/web/sessions.go
@@ -873,14 +873,8 @@ func (s *sessionCache) invalidateSession(ctx context.Context, sctx *SessionConte
 	}); err != nil && !trace.IsNotFound(err) {
 		sessionDeletionErrs = errors.Join(sessionDeletionErrs, err)
 	}
-	if sessionDeletionErrs != nil {
-		return trace.Wrap(sessionDeletionErrs)
-	}
 
-	if err := s.releaseResources(sctx.GetUser(), sctx.GetSessionID()); err != nil {
-		return trace.Wrap(err)
-	}
-	return nil
+	return trace.Wrap(sessionDeletionErrs)
 }
 
 func (s *sessionCache) getContext(key string) (*SessionContext, bool) {