diff --git a/src/components/settings/AccountProfileTab.tsx b/src/components/settings/AccountProfileTab.tsx
index 206b4f53..45bb8226 100644
--- a/src/components/settings/AccountProfileTab.tsx
+++ b/src/components/settings/AccountProfileTab.tsx
@@ -148,19 +148,36 @@ export function AccountProfileTab() {
 setCancellingEmail(true);
 try {
- // Call the edge function to cancel the email change with admin privileges
+ // Ensure we have a valid session with access token
+ const { data: { session }, error: sessionError } = await supabase.auth.getSession();
+
+ if (sessionError || !session?.access_token) {
+ console.error('Session error:', sessionError);
+ throw new Error('Your session has expired. Please refresh the page and try again.');
+ }
+
+ // Call the edge function with explicit authorization header
 const { data, error } = await supabase.functions.invoke('cancel-email-change', {
 method: 'POST',
+ headers: {
+ Authorization: `Bearer ${session.access_token}`,
+ },
 });
- if (error) throw error;
+ if (error) {
+ console.error('Edge function error:', error);
+ throw error;
+ }
 if (!data?.success) {
 throw new Error(data?.error || 'Failed to cancel email change');
 }
 // Force refresh the session to get updated user state
- await supabase.auth.refreshSession();
+ const { error: refreshError } = await supabase.auth.refreshSession();
+ if (refreshError) {
+ console.error('Session refresh error:', refreshError);
+ }
 // Update Novu subscriber back to current email
 if (notificationService.isEnabled()) {
diff --git a/supabase/functions/cancel-email-change/index.ts b/supabase/functions/cancel-email-change/index.ts
index e92aac05..d4d32b27 100644
--- a/supabase/functions/cancel-email-change/index.ts
+++ b/supabase/functions/cancel-email-change/index.ts
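Review bot: In AccountProfileTab.tsx the new `refreshError` branch only logs, so after a successful cancellation the handler continues with the locally cached session, which may still carry the pending address. The Novu subscriber update in the trailing context lines then runs regardless; its body is outside the hunk, so whether it reads the cached user is an assumption to confirm. If it does, gate that sync on a successful refresh or tell the user to reload, and record the intent with a comment such as `// Cancellation already succeeded server-side; a failed refresh leaves the cached user stale until reload`. A smaller point in the same hunk: `console.error('Session error:', sessionError)` prints `null` when the session is simply absent, so logging only when `sessionError` is set would keep the console signal clean.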
@@ -27,14 +27,23 @@ Deno.serve(async (req) => {
 // Get the user from the authorization header
 const authHeader = req.headers.get('Authorization');
 if (!authHeader) {
- throw new Error('No authorization header');
+ console.error('Missing authorization header');
+ throw new Error('No authorization header provided. Please ensure you are logged in.');
 }
 const token = authHeader.replace('Bearer ', '');
+ console.log('Attempting to verify user token...');
+
 const { data: { user }, error: userError } = await supabaseAdmin.auth.getUser(token);
- if (userError || !user) {
- throw new Error('Unauthorized');
+ if (userError) {
+ console.error('Token verification failed:', userError);
+ throw new Error('Invalid or expired session. Please refresh the page and try again.');
+ }
+
+ if (!user) {
+ console.error('No user found for token');
+ throw new Error('User not found. Please refresh the page and try again.');
 }
 console.log(`Cancelling email change for user ${user.id}`, {
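Review bot: The two new failure branches after `getUser(token)` throw different messages, so if the handler returns the thrown text, an unauthenticated caller can tell a rejected token from one that verified but resolved to no user. The `console.error` lines already keep that distinction for operators, so the `!user` branch can throw the same text as the `userError` branch: `throw new Error('Invalid or expired session. Please refresh the page and try again.');`. The catch that turns these errors into a response is outside the hunk, so it is worth confirming that authentication failures map to a 401 and not a generic error status. Separately, the context line `authHeader.replace('Bearer ', '')` passes any other scheme through unchanged; rejecting headers that do not start with `Bearer ` before calling `getUser` would make the new missing-header log line cover malformed headers as well.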